Xen project Mailing List

Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim

From: Anthony Liguori <anthony@xxxxxxxxxxxxx>

Date: Sat, 6 Jan 2018 15:29:23 -0800

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>, KarimAllah Ahmed <karahmed@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan H. Schönherr <jschoenh@xxxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Sat, 06 Jan 2018 23:29:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Sat, Jan 6, 2018 at 2:54 PM, Anthony Liguori <aliguori@xxxxxxxx> wrote: > From: Anthony Liguori <aliguori@xxxxxxxxxx> > > CVE-2017-5754 is problematic for paravirtualized x86 domUs because it > appears to be very difficult to isolate the hypervisor's page tables > from PV domUs while maintaining ABI compatibility. Instead of trying > to make a KPTI-like approach work for Xen PV, it seems reasonable to > run a copy of Xen within an HVM (or PVH) domU to provide backwards > compatibility with guests as mentioned in XSA-254 [1]. I also posted a branch with a backport to 4.9 stable. https://github.com/aliguori/xen/tree/vixen-stable-4.9 While this is a big more than what goes into a typical stable release, given that it is addressing a security issue and is relatively well contained, I think it would be worth considering for addition to stable. Regards, Anthony Liguori _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.