Re: CVE-2017-5754 - XEN silent_disable?
On Fri, 12 Jan 2018, Vincent Lefevre wrote:
> But I think I've found the reason:
> In arch/x86/mm/kaiser.c:
> void __init kaiser_check_boottime_disable(void)
>         if (boot_cpu_has(X86_FEATURE_XENPV))
>                 goto silent_disable;
>         kaiser_enabled = 0;
> I must be in the "silent_disable" case (this is a Xen guest).
> It's unfortunate that no-one mentions this case!
It is an unfortunate situation all around, no doubt! I did a quick
web search and found contrary opinions about whether Xen paravirtualization
is affected or not, whether a patched server and a patched guest are
necessary, and to what degree patching one or the other protects either,
and from whom.