File xsa370.patch of Package xen.26348

Subject: SUPPORT.md: Document speculative attacks status of non-shim 32-bit PV
From: Ian Jackson ian.jackson@eu.citrix.com Tue Mar 9 15:00:47 2021 +0000
Date: Tue May 4 15:00:24 2021 +0200:
Git: b1e46bc369bb490b721c77f15d2583bbf466152d

This documents, but does not fix, XSA-370.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: George Dunlap <george.dunlap@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>

--- a/docs/features/feature-levelling.pandoc
+++ b/docs/features/feature-levelling.pandoc
@@ -79,6 +79,19 @@ on all `CPUID` instructions, allowing Xe
 The `CPUID` instruction is unprivileged, so executing it in a PV guest will
 not trap, leaving Xen no direct ability to control the information returned.
 
+Traditional Xen PV guest
+
+    * Status, x86_64: Supported
+    * Status, x86_32, shim: Supported
+    * Status, x86_32, without shim: Supported, with caveats
+
+Due to architectural limitations,
+32-bit PV guests must be assumed to be able to read arbitrary host memory
+using speculative execution attacks.
+Advisories will continue to be issued
+for new vulnerabilities related to un-shimmed 32-bit PV guests
+enabling denial-of-service attacks or privilege escalation attacks.
+
 ### Xen Forced Emulation Prefix
 
 Xen-aware PV software can make use of the 'Forced Emulation Prefix'