Re: CVE-2017-5754 - XEN silent_disable?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Jan 12, 2018 at 08:08:17PM -0500, bw wrote:
>
>
> On Fri, 12 Jan 2018, Vincent Lefevre wrote:
>
> > But I think I've found the reason:
> >
> > In arch/x86/mm/kaiser.c:
> >
> > void __init kaiser_check_boottime_disable(void)
> > {
> > [...]
> > if (boot_cpu_has(X86_FEATURE_XENPV))
> > goto silent_disable;
> > [...]
> > disable:
> > pr_info("disabled\n");
> >
> > silent_disable:
> > kaiser_enabled = 0;
> > setup_clear_cpu_cap(X86_FEATURE_KAISER);
> > }
> >
> > I must be in the "silent_disable" case (this is a Xen guest).
> >
> > It's unfortunate that no-one mentions this case!
> >
>
> It is an unfortunate situation all around, no doubt! I did a quick
> websearch and found contrary opinions about whether Xen paravirtualization
> is affected or not, whether a patched server and a patched guest is
> necessary, and to what degree patching one or the other protects either,
> and from whom.
FWIW, this is the patch which brought it about:
http://lists-archives.com/linux-kernel/29009008-kaiser-disabled-on-xen-pv.html
I'm not very happy with the "silent" part either.
Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlpZtIEACgkQBcgs9XrR2kbNwACfRovUdRTiZR7U1TIfbspdk14b
WXgAnRhSFGayMn18nREAE0hb1h2CkzqV
=GNHh
-----END PGP SIGNATURE-----
Reply to: