Re: Backports for stable branches
On 06/03/2023 7:28 am, Jan Beulich wrote:
> On 03.03.2023 16:56, Andrew Cooper wrote:
>> Two python bugfixes which definitely qualify for backport:
>>
>> 897257ba49d0 tools/python: change 's#' size type for Python >= 3.10
>> 3a59443c1d5a tools/xenmon: Fix xenmon.py for with python3.x
>
> Queued. I wasn't entirely certain about these when I saw them going in.
> They also had no Fixes: tags.

In both cases, they're requirements added by an external party after the code was in our tree, so there are no obvious Fixes: tags. The first patch is really "support compiling with Python 3.10", while the second is arguably a bug in Xen 4.10(?) when we declared full Python 3 support.

>> Next, I'm going to argue for taking:
>>
>> f7d07619d2ae x86/vmx: implement VMExit based guest Bus Lock detection
>> d329b37d1213 x86/vmx: introduce helper to set VMX_INTR_SHADOW_NMI
>> 573279cde1c4 x86/vmx: implement Notify VM Exit
>> 5f08bc9404c7 x86/vmx: Partially revert "x86/vmx: implement Notify VM Exit"
>>
>> These are technically new features for Sapphire Rapids, but they're both
>> very simple (in the grand scheme of new features), and are both
>> mitigations to system-wide denial of services that required silicon
>> changes to make happen.
>>
>> Either way, there is a security argument to be made for backporting these.
>
> I have to admit I'm not entirely certain here. At present my inclination
> would be to put them in 4.17 only, where - it only going to be 4.17.1 -
> the "new feature" aspect is more reasonable to accept. 4.16, otoh, is
> relatively soon to go out of general support (albeit I notice not yet
> after the next stable release, as this time round the 4 month cadence
> was followed pretty closely). Thoughts?

Bus Lock detection is a "simple" DoS mitigation. The system continues to function in the presence of a rogue core generating buslocks as fast as possible. So this is (ultimately) a nice-to-have.

Notify Exit is different. It is intended to mitigate pipeline infinite loops - two we've issued an XSA for, but the PCI Passthrough one that has no mitigation other than this.

The further we backport Notify Exit, the more we shrink the affected versions on a theoretical future pipeline infinite loop. (Marginally, perhaps, but it's still a good start.)

So putting them into 4.17 is definitely an improvement over only being in 4.18. But I think if we do get a new pipeline infinite loop issue in the future, I'll be backporting Notify Exit as a prerequisite on all security branches that don't currently have it.

~Andrew