Re: [Xen-devel] [PATCH] x86/pv: Enable pv-l1tf mitigations for dom0 by default

>>> On 31.01.19 at 14:59, <andrew.cooper3@xxxxxxxxxx> wrote:
> At the time XSA-273 was published, shadowing dom0 had proved to be unstable,
> which is why dom0 was unprotected by default. The instability was identified
> to be problems with shadowing PV superpages, and fixed.
>
> In hindsight, this patch should have been posted at the same time.
>
> There is now no legitimate reason to handle dom0 differently to domu when it
> comes to pv-l1tf protections.

I'm not entirely convinced by this statement: Crashing Dom0 (and hence
the entire host) because of a failure to enable shadow mode on it is
not a good thing imo. What's wrong with sticking to the current default,
just for reasons other than the original one? Anything malicious running
in Dom0 has easier (or at least different) ways of getting at the same
information.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel