On 28/01/2019 10:56, Jan Beulich wrote: >>>> On 28.01.19 at 09:47, <jgr...@suse.com> wrote: >> On 28/01/2019 09:28, Jan Beulich wrote: >>>>>> On 23.01.19 at 12:51, <nmant...@amazon.de> wrote: >>>> This patch series attempts to mitigate the issue that have been raised in >>>> the >>>> XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html). To block >>>> speculative >>>> execution on Intel hardware, an lfence instruction is required to make sure >>>> that selected checks are not bypassed. Speculative out-of-bound accesses >>>> can >>>> be prevented by using the array_index_nospec macro. >>>> >>>> The lfence instruction should be added on x86 platforms only. To not affect >>>> platforms that are not affected by the L1TF vulnerability, the lfence >>>> instruction is patched in via alternative patching on Intel CPUs only. >>>> Furthermore, the compile time configuration allows to choose how to >>>> protect the >>>> evaluation of conditions with the lfence instruction. >>> >>> I've noticed only now that you weren't Cc-ed on this series. It >>> clearly is something to at least be considered for 4.12. May I >>> ask what your view on this is? Perhaps in particular whether >>> you would want to set some boundary in time until which pieces >>> of it (as they become ready, which looks to be the case for >>> patches 10 and 11 at this point in time) may go in? >> >> I'd say until RC3 they are fine to go in when ready. After that I'd like >> to decide on a case-by-case basis. > > May I interpret this as a release ack for patches 10 and 11 of > v4 then, and perhaps even generally as such an ack for other > parts of the series (with the RC3 boundary in mind)?
Yes. Juergen _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
