
Re: [Xen-devel] XSA-254 SP2 for ARM (was Re: [PATCH 1/5] xen/arm: Introduce enable callback to enable a capabilities on each online CPU)


On 24/01/18 22:43, Stefano Stabellini wrote:
On Wed, 24 Jan 2018, Julien Grall wrote:
Hi Stefano,

On 24 January 2018 at 22:14, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
On Thu, 18 Jan 2018, Julien Grall wrote:
(+ Security team)

Hi Stefano,

On 17/01/18 21:47, Stefano Stabellini wrote:
On Wed, 17 Jan 2018, Stefano Stabellini wrote:
On Wed, 17 Jan 2018, Lars Kurth wrote:
Regarding README.source, this is covering file and contain the
same mention as in the commit message. As this is a single function.
Isn't the commit message

From a legal viewpoint it is enough.

If that is enough from a legal viewpoint, then it is enough for me.

However, from a legal viewpoint, I thought we needed to explicitly
mention all the original signed-off-bys because Julien is not actually
the copyright holder for that function, hence, we need to add the
signed-off-bys of all the missing copyright holders.

Actually, reading again the Developer’s Certificate of Origin, it

"The contribution is based upon previous work that, to the best of my
knowledge, is covered under an appropriate open source license and I have
the right under that license to submit that work with modifications, whether
created in whole or in part by me, under the same open source license
(unless I am permitted to submit under a different license), as indicated in
the file"

so I think Lars is right. In that case, there is no need to resubmit
this series, I'll commit to staging as is. If tests go well, I'll
backport it to the stable trees.
Thank you! I have created branches with patches backported up to Xen 4.8. With
minor changes:

    - Xen 4.10: No changes
    - Xen 4.9:
       * minor conflict in some files
       * compilation failure in cpuerrata.c (__virt_to_mfn does not exist)
    - Xen 4.8:
       * conflict in some files (one medium as the number of "features" is
       * compilation failure in cpuerrata.c (__virt_to_mfn does not exist)

The branches can be found on xenbits [1] : xsa-254-sp2-X.XX where X.XX is the
version of Xen.

Xen 4.7 and earlier do not have cpufeature/cpuerrata infrastructure and will
require backport. The only difficulty here should be finding the list of
commits required.

Also, we probably want to update the XSA pointing to the patches. So if
someone wants to backport to Xen 4.7 (or earlier) they can. Any opinions?

These are the commits for the XSA 254 mitigation for the arm64




Something looks quite odd. The commit message has two cherry-pick commit IDs.

Why didn't you just merge the branches I provided?

Basically I did the backports on my own, then I double-checked that they
matched your own version of the backports. I did it for safety: this way
we can be quite sure that the backports are good, or both of us did
exactly the same mistakes :-)
It was very helpful to have branches to compare against, thank you for

I also double checked it yesterday because I wasn't sure what you did :).

For staging-4.7, I made the backports and tested them as well. They look
correct. However, given that it was more complex than initially thought,
I would appreciate if you could give it a look as well (I haven't pushed
it to staging-4.7 yet):

   git://xenbits.xen.org/people/sstabellini/xen-unstable.git staging-4.7-xsa254

I will have a look.

Thanks again!

This looks good to me. Thank you for backporting them to 4.7.


Julien Grall
