[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Fri, 12 Jan 2018 09:34:41 -0800 (PST)
Authentication-results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org
Authentication-results: mail.kernel.org; spf=none smtp.mailfrom=sstabellini@xxxxxxxxxx
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, security@xxxxxxxxxxxxxx, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 12 Jan 2018 17:35:09 +0000
Dmarc-filter: OpenDMARC Filter v1.3.2 mail.kernel.org 773462173D
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, 12 Jan 2018, Jan Beulich wrote:
> >>> On 12.01.18 at 18:02, <roger.pau@xxxxxxxxxx> wrote:
> > On Fri, Jan 12, 2018 at 03:19:38AM -0700, Jan Beulich wrote:
> >> @@ -799,6 +982,10 @@ void __init smp_prepare_cpus(unsigned in
> >>  
> >>      stack_base[0] = stack_start;
> >>  
> >> +    if ( !setup_cpu_root_pgt(0) )
> >> +        panic("No memory for root page table\n");
> >> +    get_cpu_info()->pv_cr3 = __pa(per_cpu(root_pgt, 0));
> > 
> > Wouldn't it be helpful to have a command line option to decide whether
> > to enable this feature or not?
> 
> Well, that would be an option, but falling into the optimization
> category. Once the basic concept has been proven by a 2nd
> party to have no obvious flaws, along with backporting some
> of the improvements would be my goal to work on, but the
> latter behind looking at the Spectre patches (i.e. I first want
> to get all fixes sorted, and then deal with improvements).

That's an amazing work, Jan. Thank you! Finally, a fix I can deploy. As
soon as this patch is properly verified, I think we should update all
references to Meltdown in our docs and advisories to point to this fix.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
  - From: Roger Pau Monné
- Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ
Next by Date: [Xen-devel] Xen Security Advisory 254 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) - Information leak via side effects of speculative execution
Previous by thread: Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
Next by thread: Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.