>>> On 29.08.18 at 19:15, <andrew.coop...@citrix.com> wrote:
> On 26/07/18 14:07, Jan Beulich wrote:
>> Don't chance having Spectre v1 (including BCBS) gadgets. In some of the
>> cases the insertions are more of a precautionary nature rather than there
>> provably being a gadget, but I think we should err on the safe (secure)
>> side here.
>>
>> Signed-off-by: Jan Beulich <jbeul...@suse.com>
> 
> I'm still not convinced by the update_domain_cpuid_info() change.  It is
> a BCBS gadget, but is restricted to the toolstack only which can get at
> all the interesting data via legitimate means, and also not long for
> this world.

Well, this goes back to our beloved XSA-77, i.e. highly disaggregated tool
stacks.

> Everything else LGTM.  Reviewed-by: Andrew Cooper
> <andrew.coop...@citrix.com>

Please clarify whether you'd prefer me to drop the domctl.c part of the
change - I'm fine either way, with just a slight preference towards
precautions also for tool stack only interfaces.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
