by anarazel 3088 days ago
I think this is possibly the Xen PV side of the fix. Linux's PTI mitigation isn't enabled for paravirt Xen:

    if (hypervisor_is_type(X86_HYPER_XEN_PV)) {
        pti_print_if_insecure("disabled on XEN PV.");
        return;
    }

Interesting. I took a look and this is the only hypervisor specific piece of code I can find in the patches.

I have wondered what the impact would be on hypervisors. Xen seems like they patched it in a way that removes the need for guests to mitigate, but would guests of other hypervisors get hit with the penalty twice in some cases?

> removes the need for guests to mitigate

Google says guests need to upgrade.

"Compute Engine customers must update their virtual machine operating systems and applications so that their virtual machines are protected from intra-guest attacks and inter-guest attacks that exploit application-level vulnerabilities."

"Compute Engine customers should work with their operating system provider(s) to download and install the necessary patches."

https://support.google.com/faqs/answer/7622138#gce

Note that this is only for PV guests, which most people don't use anymore...
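
An added example, not part of the thread or of the kernel patches: a shell check a guest administrator could run to see which of the cases discussed above applies (guest-side PTI active, or a Xen PV guest that depends on the hypervisor being patched). The function names and result labels are made up for this example; the sysfs paths and status strings are assumed to match what mainline Linux kernels expose.

```shell
#!/bin/sh
# Classify a Linux guest's Meltdown/PTI state from two sysfs values.
# Usage: classify_pti GUEST_TYPE MELTDOWN_STATUS
#   GUEST_TYPE:      content of /sys/hypervisor/guest_type
#                    ("PV", "HVM", "PVH"), or "" when not running on Xen
#   MELTDOWN_STATUS: content of
#                    /sys/devices/system/cpu/vulnerabilities/meltdown,
#                    or "" when the kernel predates that file
# Result labels are hypothetical names chosen for this example.
classify_pti() {
    guest_type=$1
    status=$2
    case "$status" in
        "Not affected"*)    echo "not-affected" ;;
        "Mitigation: PTI"*) echo "guest-pti" ;;
        # Assumed wording of newer kernels for the Xen PV case.
        *"XEN PV"*)         echo "needs-hypervisor-fix" ;;
        "Vulnerable"*)
            # PTI is skipped on Xen PV, so "Vulnerable" there means the
            # guest relies on the hypervisor, not on its own kernel.
            if [ "$guest_type" = "PV" ]; then
                echo "needs-hypervisor-fix"
            else
                echo "vulnerable"
            fi ;;
        "")                 echo "unknown-old-kernel" ;;
        *)                  echo "unknown" ;;
    esac
}

# Print the first line of a file, or nothing if it cannot be read.
read_first_line() {
    if [ -r "$1" ]; then
        head -n 1 "$1" 2>/dev/null || true
    fi
}

# Classify the machine this script runs on.
check_host() {
    classify_pti \
        "$(read_first_line /sys/hypervisor/guest_type)" \
        "$(read_first_line /sys/devices/system/cpu/vulnerabilities/meltdown)"
}

check_host
```

A result of `needs-hypervisor-fix` means the guest kernel cannot close the gap itself, so the fix has to be confirmed with whoever operates the Xen host.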