refutationalist / saur

Sam's AUR -- personal Arch packages

xen: Reduce attack surface #34

Closed RA-Kooi closed 2 months ago

RA-Kooi commented 2 months ago

Disabling grant tables v2 is a significant reduction in attack surface and they're not used anywhere.

TSX is a feature that's being dropped by Intel for having speculative bugs in it. Disable it preemptively.

refutationalist commented 2 months ago

The TSX patch doesn't appear to apply cleanly. It looks like this, or something like it, is already in the xen repo. Can you confirm, or do we need to adapt the patch?

RA-Kooi commented 2 months ago

Had to rebase it on the new commits in upstream. Also rebased my XenServer cherry picks while I'm at it.