[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Regressed XSA-286, was [xen-unstable test] 161917: regressions - FAIL
- To: Ian Jackson <iwj@xxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Thu, 17 Jun 2021 16:40:33 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iaOlV38ZKFp5FUC5kXh5UF1uoQXByllzTWG/71WSIF4=; b=ab2CU9pYktn3bdcWXP33gTdFUv/WeS+SJ6ulWRwKRos3gYpvkdoX9+RaIje51rQhb5XHq6/gjsI8TuEHlTovmMps2CjsxBUpbmBvtzKgHyW2gIpPp35V/Fxw+ZKX3hRnAlr5kClniWTbk6MfpOxlZn4xjEk4rpfZupI/N2MxL46cD3qjceGhKs6GPC5Ra8ezfM40GqSEckqVXyfrBK9nmsrZOZOHCxpJ9j0joD85fuNF1hbrMC7Px1G9iYpxN5lXcgCI7IdEFhoXsoCf5zgKEknLaxpFIFhefS9xGm904x8TtO3EFuDY/nTRCN1xVcxuqdfTy+UXGe6hXxO6IgumLg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PohVUtb+Sc4OEe5xubJJtuohna2CWUZV/ut8zQsbr2ADj8azf7frkES/R9QMHAsyYrYZ1t/MzXqLju6/mplJPt+UU4wCTho1sx4/vWpwjvSqKyU2ZOAKi/fnPyX+JJ8Zf/CROxJHAjwjO3LdMLbxzYwTGOtjFvb3wsYukiVXXW40NrCejogbMUdcA9JtiIu4d3TrT7PH4uJA1qLYLNh6prKqlHTp7qRhHyOBNLNlIGm9uccY/SFc8ZYgBfzX/Nfk/RpRsZ+NhaeqEZ/bDjg6Y8lKrOhh6G+3kPgzM5qCmLeDo4medkjstbxM5Xu6krX2wEzHaC8aOifd9z9tOpEpEw==
- Authentication-results: xenproject.org; dkim=none (message not signed) header.d=none;xenproject.org; dmarc=none action=none header.from=suse.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>
- Delivery-date: Thu, 17 Jun 2021 14:40:47 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 17.06.2021 15:05, Ian Jackson wrote:
> Firstly, let me try to deal with substance and/or technical merit.
>
> Jan, I am finding it difficult to follow in your message whether you
> are asserting that your disputed change (to Xen) did not introduce a
> vulnerability.
>
> I think you are saying that there is no vulnerability, because in any
> overall configuration where this is a vulnerability, the guest would
> have to be making an unjustified assumption.
>
> If this is your reasoning, I don't think it is sound. The question is
> not whether the assumption is justified or not (answering which
> question seems to require nigh-incomprehensible exegesis of processor
> documentation).
>
> The question is whether any guest does in fact make that assumption.
> If any do, then there is a vulnerability. Whether that's a
> vulnerability "in" Xen or "in" the guest is just a question of
> finger-pointing.
>
> If none do then there is no vulnerability.
I don't think any OS does, simply because they can't rely on such
behavior when on on bare metal. The only such assumption was baked
into the respective XTF test.
If any OS made such an assumption, then I don't think it would be
a vulnerability either. It would simply be a guest kernel bug then.
Jan
|