Re: port-amd64/49150: xrstor is privileged in Xen

To: port-amd64-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jnemeth%CornerstoneService.ca@localhost
Subject: Re: port-amd64/49150: xrstor is privileged in Xen
From: coypu%sdf.org@localhost
Date: Sun, 5 Nov 2017 17:25:01 +0000 (UTC)

The following reply was made to PR port-amd64/49150; it has been noted by GNATS.

From: coypu%sdf.org@localhost
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: port-amd64/49150: xrstor is privileged in Xen
Date: Sun, 5 Nov 2017 17:23:31 +0000

 The reason it was seen in Intel CPUs is that Xen made a no-xsave flag
 and allowed people to set it (and mentioned it in a security advisory as
 a mitigation so perhaps people were confused).

 Now they have had a fix for this issue for a long time. Can we revert it
 and allow netbsd/xen to use xsave?

 This means removing the xen case in cpu_probe_fpu, if anyone wants to
 try.

 Index: identcpu.c
 ===================================================================
 RCS file: /cvsroot/src/sys/arch/x86/x86/identcpu.c,v
 retrieving revision 1.64
 diff -u -r1.64 identcpu.c
 --- identcpu.c	3 Nov 2017 16:21:01 -0000	1.64
 +++ identcpu.c	5 Nov 2017 17:11:12 -0000
 @@ -771,12 +771,7 @@
  	if (descs[2] > 512)
  		x86_fpu_save_size = descs[2];

 -#ifdef XEN
 -	/* Don't use xsave, force fxsave with x86_xsave_features = 0. */
 -	x86_fpu_save = FPU_SAVE_FXSAVE;
 -#else
  	x86_xsave_features = (uint64_t)descs[3] << 32 | descs[0];
 -#endif
  }

  void

Prev by Date: Re: port-amd64/52696: SMAP breaks -current
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: port-amd64/49150: xrstor is privileged in Xen
Next by Thread: bin/49153: Recent regression of nfs_autoload, modautoload test cases
Indexes:

Home | Main Index | Thread Index | Old Index