Xen project Mailing List

Re: Patches for stable 5.10 kernel

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

Date: Mon, 29 Nov 2021 13:25:11 +0100

Cc: "stable@xxxxxxxxxxxxxxx" <stable@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 29 Nov 2021 12:25:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Nov 29, 2021 at 08:19:18AM +0100, Juergen Gross wrote: > Hi Greg, > > could you please add the following upstream patches to the stable 5.10 > kernel (I'll send separate mails for the older stable kernels as some > of the patches don't apply for those)? They are hardening Xen PV > frontends against attacks from related backends. > > Qubes-OS has asked for those patches to be added to stable, too. > > 629a5d87e26fe96b ("xen: sync include/xen/interface/io/ring.h with Xen's > newest version") > 71b66243f9898d0e ("xen/blkfront: read response from backend only once") > 8f5a695d99000fc3 ("xen/blkfront: don't take local copy of a request from the > ring page") > b94e4b147fd1992a ("xen/blkfront: don't trust the backend response data > blindly") > 8446066bf8c1f9f7 ("xen/netfront: read response from backend only once") > 162081ec33c2686a ("xen/netfront: don't read data from request on the ring > page") > 21631d2d741a64a0 ("xen/netfront: disentangle tx_skb_freelist") > a884daa61a7d9165 ("xen/netfront: don't trust the backend response data > blindly") > e679004dec37566f ("tty: hvc: replace BUG_ON() with negative return value") > All now queued up, thanks. But people should be moving to the 5.15 kernel by now and not sticking with 5.10 anymore for stuff like this. greg k-h

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.