On 17.06.2021 16:49, Ian Jackson wrote:
> Jan Beulich writes ("Re: Regressed XSA-286, was [xen-unstable test] 161917:
> regressions - FAIL"):
>> If any OS made such an assumption, then I don't think it would be
>> a vulnerability either. It would simply be a guest kernel bug then.
>
> For the avoidance of doubt:
>
> I think you are saying that if any OS did make the assumption, the
> resulting bug *would not be exploitable* (by an unprivileged guest
> process, or by a PV backend it was speaking to, or, somehow, by
> another guest).
Not exactly: Whether such a kernel bug would also be a vulnerability
cannot be told without knowing how exactly the kernel screwed up.
But it's definitely not Xen to compensate for this, imo. But anyway,
this it largely moot, as there isn't - afaict - any OS making any
such assumption.
Jan
