Xen project Mailing List

Re: [Xen-devel] [PATCH 0/4] XSA-52..54 follow-up

From: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

Date: Tue, 4 Jun 2013 11:47:53 +0100

Cc: LarsKurth <lars.kurth@xxxxxxxxxx>, Keir Fraser <keir.xen@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Tue, 04 Jun 2013 10:48:14 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/04/2013 11:45 AM, Jan Beulich wrote:

On 04.06.13 at 12:09, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote:

On 06/04/2013 11:00 AM, Keir Fraser wrote:

On 04/06/2013 08:58, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:

The first patch really isn't as much of a follow-up than what triggered
the security issues to be noticed in the first place.

1: x86: preserve FPU selectors for 32-bit guest code
2: x86: fix XCR0 handling
3: x86/xsave: adjust state management
4: x86/fxsave: bring in line with recent xsave adjustments

The first two I would see as candidates for 4.3 (as well as
subsequent backporting, albeit I realize that especially the first
one is non-trivial), while the third is code improvement only,
and the fourth is really just cleanup, and hence I'd be fine with
deferring them until after 4.3.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>


I like the patches, 1 & 2 are good bug fixes.
Acked-by: Keir Fraser <keir@xxxxxxx>

Patch #1 is quite scary though! I wonder really whether these long-lived
issues must be fixed right now, let alone backported?


Yeah, I was going to say, with all this tricky code going in, including
this one, and the XSA-55 (?) one that seems to have tons of tricky
changes, whether it might not be a good idea to make sure we have at
least 2 weeks of testing and another test day -- or, delay the test day
Wednesday until we can get all of these in.


Agreed, but I don't know what implications delaying a Test Day
would have. We certainly don't want to release in a rush with all
these new fixes.

Jan, looking at the comments, it seems like 3 and 4 are more about
performance than correctness?  I think those should probably wait until
the 4.4 dev window opens up.


Yes, as I also said in the overview description above. The question
is really just about the first two to go in right away.

These seem pretty clearly like things we need to have fixed in the

release -- they're the kind of thing that is likely to have potentially

nasty, hard-to-track-down side effects.

-George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.