Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Re-enabling xsave

On Nov 7,  8:06pm, coypu%sdf.org@localhost wrote:
} Due to XSA-52 which was a vulnerability in Xen's implementation of fpu
} switching on AMD CPU, they made it possible to disable support for
} XSAVE. This resulted in SIGILL for anyone using XSAVE.
} This was Xen ~4.1. They have since fixed this issue.
} as a stopgap measure, netbsd/xen avoids using XSAVE since, which is a
} shame.

     You are rather wrong on your history.  I can't speak for
anybody else, but I noticed this when trying a 7.0 BETA XEN3_DOMU
kernel on a production Xen system running Xen 4.1.2, where no
options had been specified apart from

menu=Boot Xen with 2GB for dom0:load /netbsd.xen0 console=pc;multiboot /xen41-kernel/xen.gz dom0_mem=2GB dom0_max_vcpus=1 dom0_vcpus_pin

     The result of booting was that the hypervisor whacked the domU
early in the boot sequence, as stated in PR/49150.  That is rather
more serious then SIGILL.

} OK for reverting this stopgap measure?

     Not unless you can prove that it is no longer a problem, which
is something that I strongly doubt.  I do note that xen*41 has been
deleted from pkgsrc, but we still have a number of older versions
starting with xen*42.

} XSA-52: https://xenbits.xenproject.org/xsa/advisory-52.html

     I note that this says that xsave is disabled by default, which
is the opposite of what you say above.

}-- End of excerpt from coypu%sdf.org@localhost

Home | Main Index | Thread Index | Old Index