[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Fwd: Xen- backport for XSA156

>>> On 20.11.15 at 16:03, <stefan.bader@xxxxxxxxxxxxx> wrote:
> I am currently trying to backport the changes of XSA156 back to Xen-4.1.x and 
> I
> am struggling with the VMX side. I did see the backports made for 4.2 and 3.4 
> on
> the security mailing list but I am not sure the 3.4 backport is not having the
> same issues (or similar ones).
> Trying to write down my understanding of the changes: For the 3.4 backport 
> there
> are only changes to the toggles for debugging and the general trap mask. So 
> if I
> understand this right, before the change, TRAP_debug and TRAP_int3 were only
> handled in vmexit when a debugger was attached to the domain. Now, only
> TRAP_int3 will be toggled and TRAP_debug is always handled.

I've never looked at that 3.4 backport, but not changing the VMEXIT
handling certainly sounds wrong. I'll attach what I have done for 4.1.
Please report back any problems you encounter.


Attachment: CVE-2015-5307-xsa156.patch
Description: Text document

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.