WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable

from [Mark Williamson] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sat, 6 Oct 2007 21:49:21 +0100
Cc: "Fajar A. Nugraha" <fajar@xxxxxxxxxxxxx>
Delivery-date: Sat, 06 Oct 2007 13:50:15 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <4705B8BE.1060300@xxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <Pine.LNX.4.64.0710011215020.7452@xxxxxxxxxxxxxxxxx> <200710050310.35966.mark.williamson@xxxxxxxxxxxx> <4705B8BE.1060300@xxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 
> Mark Williamson wrote:
> >> I understand that a xen 3.0.3-compiled kernel could be a domU in this
> >> setup but not a dom0.  Is this understanding wrong?
> >
> > It definitely couldn't be a dom0.
>
> And why is that?
> My current testing seems to works OK. Should I expect some bugs to
> pop-out later?


Hmmm OK.  I *thought* the dom0 interface had changed again between 3.0.3 and 
3.1, which would suggest that at least some things wouldn't work.  Maybe I'm 
mistaken...

> > Actually, a 3.0.3 kernel quite possibly wouldn't boot in 32-bit mode on a
> > 64-bit Xen from the 3.1 release.  That's because of a fix that hadn't yet
> > been pushed at release time - when 3.1 came out, your 32-bit compat mode
> > kernel needed to be a recent one or it wouldn't work.  The compatibility
> > for older kernels was added later, so it'll be in xen-unstable and I
> > guess it'll probably be in 3.1.1.
>
> Which changeset are you refering to?
>
> Searching for "32 compat" on
> http://xenbits.xensource.com/xen-unstable.hg, I found these comments
> which seems relevant :
> - [32on64] Copy the right grant table status code back to the guest.
> - [32on64 kexec] Add an explicit local branch after re-enabling paging
> - 32-on-64: Fix error path where we fail to successfully switch a guest
> - 32-on-64: Fix error path from memory_op() hypercall.
> - Further fixes for 32on64 bit kexec.
> - Fix 32on64 kexec trampoline. This was broken when Xen was modified to

I'm not clear on exact changesets.  I understand the developments were along 
the following lines:

First support for 32-on-64 was added to Xen and XenLinux; now new 32-bit PAE 
XenLinux kernels could run on 64-bit Xen.

Then Xen 3.1 was released.

Then support for older 32-bit PAE XenLinux kernels was added to the tools, 
which previously wouldn't have been able to handle them.

> all of which are also in xen-3.1-testing.hg

The fixes I was referring to may well have gone into xen-3.1-testing.hg and 
would then be going into 3.1.1 when it's released.

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Xenserver 4.0.1 running SCO Flavors, Mark Williamson
Next by Date:  Re: [Xen-users] Hypervisor does not start?, Mark Williamson
Previous by Thread:  Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable, Fajar A. Nugraha
Next by Thread:  Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable, Mark Williamson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy