
Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim

On Sat, Jan 6, 2018 at 2:54 PM, Anthony Liguori <aliguori@xxxxxxxx> wrote:
> From: Anthony Liguori <aliguori@xxxxxxxxxx>
> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> appears to be very difficult to isolate the hypervisor's page tables
> from PV domUs while maintaining ABI compatibility.  Instead of trying
> to make a KPTI-like approach work for Xen PV, it seems reasonable to
> run a copy of Xen within an HVM (or PVH) domU to provide backwards
> compatibility with guests as mentioned in XSA-254 [1].

I also posted a branch with a backport to 4.9 stable.


While this is a bit more than what goes into a typical stable release, given
that it is addressing a security issue and is relatively well contained, I think
it would be worth considering for addition to stable.


Anthony Liguori

Xen-devel mailing list


