[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ff9f4a24-6e69-cc7b-ba75-e82c9182a805@suse.com>
Date: Fri, 15 Jun 2018 08:10:42 +0200
From: Juergen Gross <jgross@...e.com>
To: Jiri Kosina <jikos@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...e.de>,
Mike Latimer <mlatimer@...e.com>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/pti: don't report XenPV as vulnerable
On 15/06/18 08:04, Jiri Kosina wrote:
> On Fri, 15 Jun 2018, Juergen Gross wrote:
>
>> wrong for 64-bit, too, in case the mitigation is disabled at hypervisor
>> level.
>
> If that is indeed possible (is it?), then the check we have in
> pti_check_boottime_disable() is wrong as well.
No, it isn't. PTI for 32-bit kernels isn't paravirtualized, so it has to
be disabled.
>
>> So the test should be done only for CONFIG_X86_64
>
> Fair enough.
>
>> and the returned string should be e.g. "Mitigation: XEN".
>
> Well, perhaps; it'd confuse all the scripts that are checking whether
> system is fully secured or not by parsing sysfs files ... but that's
> mostly their problem.
Right. And I suppose those scripts are fairly new. :-)
Juergen
Powered by blists - more mailing lists