NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: port-amd64/49150: xrstor is privileged in Xen

The following reply was made to PR port-amd64/49150; it has been noted by GNATS.

Subject: Re: port-amd64/49150: xrstor is privileged in Xen
Date: Sun, 5 Nov 2017 17:23:31 +0000

 The reason it was seen in Intel CPUs is that Xen made a no-xsave flag
 and allowed people to set it (and mentioned it in a security advisory as
 a mitigation so perhaps people were confused).
 Now they have had a fix for this issue for a long time. Can we revert it
 and allow netbsd/xen to use xsave?
 This means removing the xen case in cpu_probe_fpu, if anyone wants to
 Index: identcpu.c
 RCS file: /cvsroot/src/sys/arch/x86/x86/identcpu.c,v
 retrieving revision 1.64
 diff -u -r1.64 identcpu.c
 --- identcpu.c	3 Nov 2017 16:21:01 -0000	1.64
 +++ identcpu.c	5 Nov 2017 17:11:12 -0000
 @@ -771,12 +771,7 @@
  	if (descs[2] > 512)
  		x86_fpu_save_size = descs[2];
 -#ifdef XEN
 -	/* Don't use xsave, force fxsave with x86_xsave_features = 0. */
 -	x86_fpu_save = FPU_SAVE_FXSAVE;
  	x86_xsave_features = (uint64_t)descs[3] << 32 | descs[0];

Home | Main Index | Thread Index | Old Index