Re: [Xen-devel] Xen Security Advisory 255 - grant table v2 -> v1 transition may crash Xen

[George Dunlap <george.dunlap@xxxxxxxxxx>]

On 02/27/2018 02:22 PM, Jan Beulich wrote:
>>>> On 27.02.18 at 13:37, <netwiz@xxxxxxxxx> wrote:
>> On Tuesday, 27 February 2018 11:00:08 PM AEDT Xen. org security team wrote:
>>> RESOLUTION
>>> ==========
>>>
>>> Applying the appropriate attached patch resolves this issue.
>>>
>>> xsa255-?.patch         xen-unstable, Xen 4.10.x
>>> xsa255-4.9-?.patch     Xen 4.9.x, Xen 4.8.x
>>> xsa255-4.7-?.patch     Xen 4.7.x
>>> xsa255-4.6-?.patch     Xen 4.6.x
>>
>> Is there a missing pre-requisite patch required for 4.6.6?
>>
>> I'm currently getting a failure on these patches as follows:
>>
>> Patch #55 (xsa255-4.6-1.patch):
>> + echo 'Patch #55 (xsa255-4.6-1.patch):'
>> + /bin/cat /builddir/build/SOURCES/xsa255-4.6-1.patch
>> + /usr/bin/patch -p1 --fuzz=2
>> patching file xen/arch/arm/domain.c
>> patching file xen/arch/arm/mm.c
>> Hunk #2 FAILED at 1075.
>> Hunk #3 FAILED at 1090.
>> 2 out of 3 hunks FAILED -- saving rejects to file xen/arch/arm/mm.c.rej
> 
> I've just applied the patches to all stable branches, and they all
> applied fine, including the 4.6 ones. Are you perhaps missing the
> XSA-235 fix there? In any event, as said a number of times in
> the past, the patches we provide are against the staging branches
> for the respective stable versions; we don't guarantee patches
> apply to vanilla stable releases.

And as other people have said several times, most downstreams don't
build from stable-XX, but take a tarball and add patches to it.  I
expect Steven was asking if someone could point him to specific commits
from stable-XX that might be required.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel