On 03/17/2014 10:14 AM, George Dunlap wrote: > On 03/17/2014 05:05 PM, Jan Beulich wrote: >>>>> On 17.03.14 at 17:55, "H. Peter Anvin" <hpa@xxxxxxxxx> wrote: >>> So if this interface wasn't an accident it was active negligence and >>> incompetence. >> I don't think so - while it (as we now see) disallows certain things >> inside the guest, back at the time when this was designed there was >> no sign of any sort of allocation/scheduling being done inside the >> #NM handler. And furthermore, a PV specification is by its nature >> allowed to define deviations from real hardware behavior, or else it >> wouldn't be needed in the first place. > > But it's certainly the case that deviating from the hardware in *this* way by default was always > very likely to case the exact kind of bug we've seen here. It is an "interface trap" that was bound > to be tripped over (much like Intel's infamous sysret vulnerability). > > Making it opt-in would have been a much better idea. But the people who made that decision are long > gone, and we now need to deal with the situation as we have it. Should or has there been a review of the current xen PVABI to look for any other such deviations? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/