[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] docs: spell out limits of security support for qemu-xen

To: Doug Goldstein <cardoe@xxxxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Fri, 26 Feb 2016 11:45:47 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, lars.kurth@xxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, JBeulich@xxxxxxxx, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Delivery-date: Fri, 26 Feb 2016 11:46:34 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 25 Feb 2016, Doug Goldstein wrote:
> On 2/25/16 9:43 AM, Stefano Stabellini wrote:
> 
> > +++ b/docs/misc/qemu-xen-security
> > @@ -0,0 +1,20 @@
> > +qemu-xen (git://xenbits.xen.org/qemu-xen.git) is only supported for
> > +security fixes when used together with the Xen hypervisor and only with
> > +a subset of all the possible QEMU emulators. Specifically:
> 
> So I'll get my comments on paper here rather than something just
> mentioned on IRC. This is exactly why the Xen team should be pushing to
> remove as many "in-tree" items as possible. The security surface area of
> Xen is huge and statements like this help the CYA factor they don't
> completely eliminate the problems of manpower of having to check against
> different upstreams if a vulnerability affects you or downstreams doing
> something bad causing a security issue for users which ultimately gets
> blamed on Xen. There are then further complications where sometimes the
> version shipped by Xen isn't an upstream release and so there may be
> other vulnerabilities above and beyond what upstream announces.
> 
> I urge the Xen maintainers to make it a goal to remove external
> libraries and applications (like qemu-xen) from the tree entirely and
> recommend the use of the upstream release. I know the concern is testing
> but it involves calling out your dependencies just like you do any other
> dependency. (e.g. Xen X.Y requires QEMU A.B.C, no guarantees are made
> about the compatibility of other versions)
> 
> I know Stefano is making an effort with this with Project Raisin and
> really that should become the embraced way to stand up a "full" Xen
> system from source rather than a hodge podge collection of packages that
> are fetched by the Xen build system. This will bring the how developers
> use the source packages closer with how many users of distros use Xen
> (e.g. a number of distros use upstream QEMU releases instead of qemu-xen).

Thanks Doug, I fully agree with you.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] docs: spell out limits of security support for qemu-xen
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH] docs: spell out limits of security support for qemu-xen
  - From: Doug Goldstein

Prev by Date: Re: [Xen-devel] [PATCHv4 1/3] x86/fpu: Add a per-domain field to set the width of FIP/FDP
Next by Date: Re: [Xen-devel] [PATCH v5 5/7] VT-d: Refactor iommu_ops .map_page() and unmap_page()
Previous by thread: Re: [Xen-devel] [PATCH] docs: spell out limits of security support for qemu-xen
Next by thread: Re: [Xen-devel] [PATCH v10 01/31] tools/libxl: introduce libxl__domain_restore_device_model to load qemu state
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.