[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled

On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
> First of all we don't need it on AMD systems. Additionally allow its use
> to be controlled by command line option. For best backportability, this
> intentionally doesn't use alternative instruction patching to achieve
> the intended effect - while we likely want it, this will be later
> follow-up.

Is it worth making it optional to apply to dom0?  In most cases, if an
attacker can manage to get userspace on dom0, they should be able to
take over the whole system anyway; turning it off on dom0 to get
better performance seems like a policy decision that administrators
might reasonably make.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.