[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-5754 - XEN silent_disable?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jan 12, 2018 at 08:08:17PM -0500, bw wrote:
> 
> 
> On Fri, 12 Jan 2018, Vincent Lefevre wrote:
> 
> > But I think I've found the reason:
> > 
> > In arch/x86/mm/kaiser.c:
> > 
> > void __init kaiser_check_boottime_disable(void)
> > {
> > [...]
> >         if (boot_cpu_has(X86_FEATURE_XENPV))
> >                 goto silent_disable;
> > [...]
> > disable:
> >         pr_info("disabled\n");
> > 
> > silent_disable:
> >         kaiser_enabled = 0;
> >         setup_clear_cpu_cap(X86_FEATURE_KAISER);
> > }
> > 
> > I must be in the "silent_disable" case (this is a Xen guest).
> > 
> > It's unfortunate that no-one mentions this case!
> > 
> 
> It is an unfortunate situation all around, no doubt!  I did a quick 
> websearch and found contrary opinions about whether Xen paravirtualization 
> is affected or not, whether a patched server and a patched guest is 
> necessary, and to what degree patching one or the other protects either, 
> and from whom.

FWIW, this is the patch which brought it about:

  http://lists-archives.com/linux-kernel/29009008-kaiser-disabled-on-xen-pv.html

I'm not very happy with the "silent" part either.

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlpZtIEACgkQBcgs9XrR2kbNwACfRovUdRTiZR7U1TIfbspdk14b
WXgAnRhSFGayMn18nREAE0hb1h2CkzqV
=GNHh
-----END PGP SIGNATURE-----
Reply to: