On 30/08/18 08:33, Jan Beulich wrote:
>>>> On 29.08.18 at 19:15, <andrew.coop...@citrix.com> wrote:
>> On 26/07/18 14:07, Jan Beulich wrote:
>>> Don't chance having Spectre v1 (including BCBS) gadgets. In some of the
>>> cases the insertions are more of a precautionary nature rather than there
>>> provably being a gadget, but I think we should err on the safe (secure)
>>> side here.
>>>
>>> Signed-off-by: Jan Beulich <jbeul...@suse.com>
>> I'm still not convinced by the update_domain_cpuid_info() change. It is
>> a BCBS gadget, but is restricted to the toolstack only, which can get at
>> all the interesting data via legitimate means, and is also not long for
>> this world.
> Well, this goes back to our beloved XSA-77, i.e. highly disaggregated tool
> stacks.

Disaggregating responsibility for domain construction to this level is a fantasy. It's not secure and cannot be made to be. The lack of any work on XSA-77 from the people who use XSM would suggest that no one is using XSM for this purpose (which also matches my vague understanding of how OpenXT does use XSM).

>
>> Everything else LGTM. Reviewed-by: Andrew Cooper
>> <andrew.coop...@citrix.com>
> Please clarify whether you'd prefer me to drop the domctl.c part of the
> change - I'm fine either way, with just a slight preference towards
> precautions also for tool stack only interfaces.

I'd prefer you to drop it. This code is being entirely rewritten, in a security-relevant series, and I'll make sure that the end result isn't vulnerable to BCBS, but if you commit this patch, it's just work I'll have to undo.

~Andrew