
Re: [Xen-devel] [BUG] Error applying XSA240 update 5 on 4.8 and 4.9 (patch 3 references CONFIG_PV_LINEAR_PT, 3285e75dea89, x86/mm: Make PV linear pagetables optional)



>>> On 16.11.17 at 13:30, <netwiz@xxxxxxxxx> wrote:
> On Thursday, 16 November 2017 8:30:39 PM AEDT Jan Beulich wrote:
>> >>> On 15.11.17 at 23:48, <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> > I am having trouble applying the patch 3 from XSA240 update 5 for xen
>> > stable 4.8 and 4.9
>> > xsa240 0003 contains:
>> > 
>> > CONFIG_PV_LINEAR_PT
>> > 
>> > from:
>> > 
>> > x86/mm: Make PV linear pagetables optional
>> > https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=3285e75dea89afb0ef5b3ee39bd15194bd7cc110
>> > 
>> > I cannot find this string in an XSA, nor is an XSA referenced in the
>> > commit.
>> > Am I missing a patch, or doing something wrong?
>> 
>> Well, you're expected to apply all patches which haven't been
>> applied so far. In particular, in the stable version trees, the 2nd
>> patch hasn't gone in yet (I'm intending to do this later today),
>> largely because it (a) wasn't ready at the time the first patch
>> went in and (b) it is more a courtesy patch than an actual part of
>> the security fix.
> 
> I'm not quite sure this is a great idea... They should work on the released 
> versions - hence xsa240 patchset should apply to the base tarball + current 
> XSA patches. If there is something in the git that *isn't* in the latest 
> release, it should be included in the XSA patchset - otherwise the set is 
> incomplete.

Well, I've been taking a different view: The only valid (or so to say
canonical) base to supply patches against is the current tip of the
respective staging branch. Anyone wanting to apply to anything
older will need to make adjustments, if need be. Otherwise what
would keep you or others from requesting, say, not only patches against
4.7.3, but also against 4.7.0, 4.7.1, and 4.7.2?

> I don't see mention anywhere in the written XSA that a separate 
> patch is required outside of the patches included with the XSA.

It isn't (afaict), it's just that the included patch 2 is stale. This is
certainly unfortunate, but correct patches can now easily be
taken from the respective git branches. I'm not convinced it is
worthwhile to re-issue the advisory yet another time, but I'm
also not going to stand in the way if others on the security team
want to do so.

> These should be included in 4.9.1 - which makes most things irrelevant - but 
> I'm not aware of what the release window is for 4.9.1.

It is in preparation; I was merely waiting for these regression fixes
to be publicly announced.

Jan

