From: Juergen Gross <jgross@suse.com>
To: George Dunlap <dunlapg@umich.edu>, Jan Beulich <JBeulich@suse.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled
Date: Tue, 16 Jan 2018 13:21:34 +0100 [thread overview]
Message-ID: <c57288e4-d351-7de3-8a60-467c45c09542@suse.com> (raw)
In-Reply-To: <CAFLBxZa12YCq_=jnPK_s-ZbRk6=p9AL+MY0K=SiJL+e-OT+4ZA@mail.gmail.com>
On 16/01/18 13:12, George Dunlap wrote:
> On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <JBeulich@suse.com> wrote:
>> First of all we don't need it on AMD systems. Additionally allow its use
>> to be controlled by command line option. For best backportability, this
>> intentionally doesn't use alternative instruction patching to achieve
>> the intended effect - while we likely want it, this will be later
>> follow-up.
>
> Is it worth making it optional to apply to dom0? In most cases, if an
> attacker can manage to get userspace on dom0, they should be able to
> take over the whole system anyway; turning it off on dom0 to get
> better performance seems like a policy decision that administrators
> might reasonably make.
You are implying here that Linux is insecure: why does userspace access
allow you to take over the machine? I can see that being true for root
access, but not for any other unprivileged user account.
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-01-16 12:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-15 11:01 [PATCH v2 0/2] x86: initial simplistic Meltdown mitigation Jan Beulich
2018-01-15 11:06 ` [PATCH v2 1/2] x86: Meltdown band-aid against malicious 64-bit PV guests Jan Beulich
2018-01-15 18:23 ` Andrew Cooper
2018-01-16 7:46 ` Jan Beulich
2018-01-16 11:51 ` Andrew Cooper
2018-01-16 12:33 ` Jan Beulich
2018-01-16 13:26 ` Andrew Cooper
2018-01-16 9:33 ` Jan Beulich
2018-01-16 11:56 ` Andrew Cooper
2018-01-16 12:25 ` Jan Beulich
2018-01-15 11:07 ` [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled Jan Beulich
2018-01-15 18:26 ` Andrew Cooper
2018-01-16 8:12 ` Jan Beulich
2018-01-16 13:20 ` Andrew Cooper
2018-01-16 13:51 ` Jan Beulich
2018-01-16 12:12 ` George Dunlap
2018-01-16 12:21 ` Juergen Gross [this message]
2018-01-16 12:39 ` George Dunlap
2018-01-16 12:35 ` Jan Beulich
2018-01-16 12:40 ` George Dunlap
2018-01-16 15:16 ` [PATCH v3 0/2] x86: initial simplistic Meltdown mitigation Jan Beulich
2018-01-16 15:21 ` [PATCH v3 1/2] x86: Meltdown band-aid against malicious 64-bit PV guests Jan Beulich
2018-01-16 16:05 ` Andrew Cooper
2018-01-16 17:28 ` Andy Smith
2018-01-16 18:02 ` George Dunlap
2018-01-16 18:13 ` Andrew Cooper
2018-01-16 19:02 ` Wei Liu
2018-01-16 15:22 ` [PATCH v3 2/2] x86: allow Meltdown band-aid to be disabled Jan Beulich
2018-01-16 16:07 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c57288e4-d351-7de3-8a60-467c45c09542@suse.com \
--to=jgross@suse.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dunlapg@umich.edu \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.