Re: [PATCH] x86/pti: don't report XenPV as vulnerable

From: Jiri Kosina
Date: Fri Jun 15 2018 - 02:04:59 EST

Next message: kbuild test robot: "Re: [PATCH v4] scsi: xen-scsifront: add error handling for xenbus_printf"
Previous message: Wu Hao: "Re: [PATCH v6 17/29] fpga: dfl: fme: add partial reconfiguration sub feature support"
In reply to: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Jun 2018, Juergen Gross wrote:

> wrong for 64-bit, too, in case the mitigation is disabled at hypervisor
> level.

If that is indeed possible (is it?), then the check we have in
pti_check_boottime_disable() is wrong as well.

> So the test should be done only for CONFIG_X86_64

Fair enough.

> and the returned string should be e.g. "Mitigation: XEN".

Well, perhaps; it'd confuse all the scripts that are checking whether
system is fully secured or not by parsing sysfs files ... but that's
mostly their problem.

Thanks,

--
Jiri Kosina
SUSE Labs

Next message: kbuild test robot: "Re: [PATCH v4] scsi: xen-scsifront: add error handling for xenbus_printf"
Previous message: Wu Hao: "Re: [PATCH v6 17/29] fpga: dfl: fme: add partial reconfiguration sub feature support"
In reply to: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Next in thread: Juergen Gross: "Re: [PATCH] x86/pti: don't report XenPV as vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]