|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled
On Tue, Jan 16, 2018 at 12:35 PM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >>>> On 16.01.18 at 13:12, <dunlapg@xxxxxxxxx> wrote: >> On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >>> First of all we don't need it on AMD systems. Additionally allow its use >>> to be controlled by command line option. For best backportability, this >>> intentionally doesn't use alternative instruction patching to achieve >>> the intended effect - while we likely want it, this will be later >>> follow-up. >> >> Is it worth making it optional to apply to dom0? In most cases, if an >> attacker can manage to get userspace on dom0, they should be able to >> take over the whole system anyway; turning it off on dom0 to get >> better performance seems like a policy decision that administrators >> might reasonably make. > > Irrespective of Jürgen's reply (which I agree with) this would be an > option, but I'd prefer to fold this into the stage 2 activities (if we > really want it in the first place). That sounds reasonable. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |