[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen 3.4.x Backports

Hi Keith,

CC: Xen-devel Mailing List

I've noticed that you seem to be a major contributor with regards to keeping the 3.4.x branch updated with backported security patches. As Xen security is a high priority, I hope you don't mind me discussing with you whether some CVEs are backported or not. I really appreciate your time to read this email. Of course, the rest of the list can chime in as always!



The patch performs the following:
-    (((unsigned long)(addr) < (1UL<<48)) || \
+    (((unsigned long)(addr) < (1UL<<47)) || \

I see that the Xen security advisory says that only hypervisors 3.3 or earlier are affected. However, I note that in later versions of Xen, the line changed in the patch remains untouched. Any ideas why this is the case? Additionally, Redhat in their advisories claim to fix this issue in their kernel update. How can this be, given that this is a Xen hypervisor issue?



Any idea when this can be backported to 3.4.x? I see that this has made it to 4.1-testing stable branch


Maybe this is currently impossible to get going on the 3.4.x branch as the upstream qemu trees don't have a 3.4.x Xen patch for this?


Again, this doesn't appear to be backported to 3.4.x, however I note that Red Hat claim to have fixed this in their kernel version. This is where I get confused again. How can a hypervisor issue be fixed in the kernel??

Once again, I really appreciate your time, and I'm very sorry if I'm wasting it!


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.