Re: [Xen-devel] [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled

On Tue, Jan 16, 2018 at 12:35 PM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>> On 16.01.18 at 13:12, <dunlapg@xxxxxxxxx> wrote:
>> On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>> First of all we don't need it on AMD systems. Additionally allow its use
>>> to be controlled by command line option. For best backportability, this
>>> intentionally doesn't use alternative instruction patching to achieve
>>> the intended effect - while we likely want it, this will be a later
>>> follow-up.
>> Is it worth making it optional to apply to dom0?  In most cases, if an
>> attacker can manage to get userspace on dom0, they should be able to
>> take over the whole system anyway; turning it off on dom0 to get
>> better performance seems like a policy decision that administrators
>> might reasonably make.
> Irrespective of Jürgen's reply (which I agree with) this would be an
> option, but I'd prefer to fold this into the stage 2 activities (if we
> really want it in the first place).

That sounds reasonable.

