
Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests



On 12/01/18 17:34, Stefano Stabellini wrote:
> On Fri, 12 Jan 2018, Jan Beulich wrote:
>>>>> On 12.01.18 at 18:02, <roger.pau@xxxxxxxxxx> wrote:
>>> On Fri, Jan 12, 2018 at 03:19:38AM -0700, Jan Beulich wrote:
>>>> @@ -799,6 +982,10 @@ void __init smp_prepare_cpus(unsigned in
>>>>  
>>>>      stack_base[0] = stack_start;
>>>>  
>>>> +    if ( !setup_cpu_root_pgt(0) )
>>>> +        panic("No memory for root page table\n");
>>>> +    get_cpu_info()->pv_cr3 = __pa(per_cpu(root_pgt, 0));
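Review bot: The panic text "No memory for root page table" on the setup_cpu_root_pgt(0) failure path assumes allocation failure is the only reason the call can return false; if it has any other failure path, return an error code and report that instead, or make the message generic. The pv_cr3 assignment on the following line would also benefit from a one-line comment saying what the field holds and when it is consumed, since nothing in smp_prepare_cpus() explains why the boot CPU's root_pgt physical address is stored in cpu_info here.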
>>> Wouldn't it be helpful to have a command line option to decide whether
>>> to enable this feature or not?
>> Well, that would be an option, but falling into the optimization
>> category. Once the basic concept has been proven by a 2nd
>> party to have no obvious flaws, along with backporting some
>> of the improvements would be my goal to work on, but the
>> latter behind looking at the Spectre patches (i.e. I first want
>> to get all fixes sorted, and then deal with improvements).
> That's amazing work, Jan. Thank you! Finally, a fix I can deploy. As
> soon as this patch is properly verified, I think we should update all
> references to Meltdown in our docs and advisories to point to this fix.

This is far from a complete fix, but if it works, it is a good start.

I'm currently reviewing/investigating and seeing how easy it might be to
merge with my KAISER series (which is several months closer towards a
complete fix).

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

