[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
On 06/26/2017 10:07 PM, Konrad Rzeszutek Wilk wrote: On Mon, Jun 26, 2017 at 07:29:22PM +0100, Julien Grall wrote:Hi, On 06/26/2017 04:36 PM, Ross Lagerwall wrote:Xen Live Patching has been available as tech preview feature since Xen 4.7 and has now had a couple of releases to stabilize. Xen Live patching has been used by multiple vendors to fix several real-world security issues without any severe bugs encountered. Additionally, there are now tests in OSSTest that test live patching to ensure that no regressions are introduced. Based on the amount of testing and usage it has had, we are ready to declare live patching as a 'Supported' feature.There are only test for x86 and amd64. We likely want to have those testThe test-cases are also for ARM32.enabled for all architectures by default.And the OSSTest can test all of those. Can we enable them by default? I know that we limited the number of tests for ARM64 due to limited bandwidth. But I don't think we have anything preventing it on ARM32. Also, I am not aware of anyone using in production livepatch on ARM64 and ARM32. So did anyone give a good kick at the ARM implementaton?I am not aware of anybody using it on production on ARM32 or ARM64. The test-cases are there, the code is there, but yes nobody has kicked the tires on ARM32/ARM64 extensively with it. I would be excited to see vendors that use it and their reports but I am not aware of any.If not, then we should do it before even considering as a supported feature for ARM.OK. Perhaps then only for x86 until ARM operational users pipe up? That would be my preference. My main concern is to handle security issue afterwards because we didn't give any kick at the code. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |