Re: [Xen-devel] [PATCH v2] x86: assorted array_index_nospec() insertions
>>> On 29.08.18 at 19:15, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 26/07/18 14:07, Jan Beulich wrote:
>> Don't chance having Spectre v1 (including BCBS) gadgets. In some of the
>> cases the insertions are more of precautionary nature rather than there
>> provably being a gadget, but I think we should err on the safe (secure)
>> side here.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> I'm still not convinced by the update_domain_cpuid_info() change. It is
> a BCBS gadget, but is restricted to the toolstack only which can get at
> all the interesting data via legitimate means, and also not long for
> this world.

Well, this goes back to our beloved XSA-77, i.e. highly disaggregated
tool stacks.

> Everything else LGTM. Reviewed-by: Andrew Cooper
> <andrew.cooper3@xxxxxxxxxx>

Please clarify whether you'd prefer me to drop the domctl.c part of
the change - I'm fine either way, with just a slight preference
towards precautions also for tool stack only interfaces.

Jan