>>> On 16.01.18 at 13:12, <dunl...@umich.edu> wrote:
> On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <jbeul...@suse.com> wrote:
>> First of all we don't need it on AMD systems. Additionally allow its use
>> to be controlled by command line option. For best backportability, this
>> intentionally doesn't use alternative instruction patching to achieve
>> the intended effect - while we likely want it, this will be a later
>> follow-up.
> 
> Is it worth making it optional to apply to dom0?  In most cases, if an
> attacker can manage to get userspace on dom0, they should be able to
> take over the whole system anyway; turning it off on dom0 to get
> better performance seems like a policy decision that administrators
> might reasonably make.

Irrespective of Jürgen's reply (which I agree with) this would be an
option, but I'd prefer to fold this into the stage 2 activities (if we
really want it in the first place).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
