Re: [PATCH] x86/pti: don't report XenPV as vulnerable

From: Juergen Gross
Date: Fri Jun 15 2018 - 02:10:52 EST

Next message: Srinath Mannam: "Re: Requirement to get BAR pci_bus_address in user space"
Previous message: Geert Uytterhoeven: "Re: [PATCH 2/2] arm: multi_v7_defconfig: Enable KSM."
In reply to: Jiri Kosina: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Jiri Kosina: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15/06/18 08:04, Jiri Kosina wrote:
> On Fri, 15 Jun 2018, Juergen Gross wrote:
>
>> wrong for 64-bit, too, in case the mitigation is disabled at hypervisor
>> level.
>
> If that is indeed possible (is it?), then the check we have in
> pti_check_boottime_disable() is wrong as well.

No, it isn't. PTI for 32-bit kernels isn't paravirtualized, so it has to
be disabled.

>
>> So the test should be done only for CONFIG_X86_64
>
> Fair enough.
>
>> and the returned string should be e.g. "Mitigation: XEN".
>
> Well, perhaps; it'd confuse all the scripts that are checking whether
> system is fully secured or not by parsing sysfs files ... but that's
> mostly their problem.

Right. And I suppose those scripts are fairly new. :-)

Juergen

Next message: Srinath Mannam: "Re: Requirement to get BAR pci_bus_address in user space"
Previous message: Geert Uytterhoeven: "Re: [PATCH 2/2] arm: multi_v7_defconfig: Enable KSM."
In reply to: Jiri Kosina: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Jiri Kosina: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]