[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: port-amd64/49150: xrstor is privileged in Xen
The following reply was made to PR port-amd64/49150; it has been noted by GNATS.
Subject: Re: port-amd64/49150: xrstor is privileged in Xen
Date: Sun, 5 Nov 2017 17:23:31 +0000
The reason it was seen in Intel CPUs is that Xen made a no-xsave flag
and allowed people to set it (and mentioned it in a security advisory as
a mitigation so perhaps people were confused).
Now they have had a fix for this issue for a long time. Can we revert it
and allow netbsd/xen to use xsave?
This means removing the xen case in cpu_probe_fpu, if anyone wants to
RCS file: /cvsroot/src/sys/arch/x86/x86/identcpu.c,v
retrieving revision 1.64
diff -u -r1.64 identcpu.c
--- identcpu.c 3 Nov 2017 16:21:01 -0000 1.64
+++ identcpu.c 5 Nov 2017 17:11:12 -0000
@@ -771,12 +771,7 @@
if (descs > 512)
x86_fpu_save_size = descs;
- /* Don't use xsave, force fxsave with x86_xsave_features = 0. */
- x86_fpu_save = FPU_SAVE_FXSAVE;
x86_xsave_features = (uint64_t)descs << 32 | descs;
Main Index |
Thread Index |