Re: [PATCH v2] x86/pti: don't report XenPV as vulnerable

From: Juergen Gross
Date: Mon Jun 18 2018 - 04:07:56 EST


On 18/06/18 09:59, Jiri Kosina wrote:
> From: Jiri Kosina <jkosina@xxxxxxx>
>
> Xen PV domain kernel is not by design affected by meltdown as it's
> enforcing split CR3 itself. Let's not report such systems as "Vulnerable"
> in sysfs (we're also already forcing PTI to off in X86_HYPER_XEN_PV
> cases); the security of the system ultimately depends on presence of
> mitigation in Hypervisor, which can't be easily detected from DomU; let's
> report that.
>
> Reported-and-tested-by: Mike Latimer <mlatimer@xxxxxxxx>
> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>

Acked-by: Juergen Gross <jgross@xxxxxxxx>


Juergen