
Re: [Xen-devel] Xen Security Advisory 255 - grant table v2 -> v1 transition may crash Xen



On Wednesday, 28 February 2018 1:36:14 AM AEDT George Dunlap wrote:
> On 02/27/2018 02:22 PM, Jan Beulich wrote:
> >>>> On 27.02.18 at 13:37, <netwiz@xxxxxxxxx> wrote:
> >> On Tuesday, 27 February 2018 11:00:08 PM AEDT Xen.org security team wrote:
> >>> RESOLUTION
> >>> ==========
> >>> 
> >>> Applying the appropriate attached patch resolves this issue.
> >>> 
> >>> xsa255-?.patch         xen-unstable, Xen 4.10.x
> >>> xsa255-4.9-?.patch     Xen 4.9.x, Xen 4.8.x
> >>> xsa255-4.7-?.patch     Xen 4.7.x
> >>> xsa255-4.6-?.patch     Xen 4.6.x
> >> 
> >> Is there a missing pre-requisite patch required for 4.6.6?
> >> 
> >> I'm currently getting a failure on these patches as follows:
> >> 
> >> Patch #55 (xsa255-4.6-1.patch):
> >> + echo 'Patch #55 (xsa255-4.6-1.patch):'
> >> + /bin/cat /builddir/build/SOURCES/xsa255-4.6-1.patch
> >> + /usr/bin/patch -p1 --fuzz=2
> >> patching file xen/arch/arm/domain.c
> >> patching file xen/arch/arm/mm.c
> >> Hunk #2 FAILED at 1075.
> >> Hunk #3 FAILED at 1090.
> >> 2 out of 3 hunks FAILED -- saving rejects to file xen/arch/arm/mm.c.rej
> > 
> > I've just applied the patches to all stable branches, and they all
> > applied fine, including the 4.6 ones. Are you perhaps missing the
> > XSA-235 fix there? In any event, as said a number of times in
> > the past, the patches we provide are against the staging branches
> > for the respective stable versions; we don't guarantee patches
> > apply to vanilla stable releases.
> 
> And as other people have said several times, most downstreams don't
> build from stable-XX, but take a tarball and add patches to it.  I
> expect Steven was asking if someone could point him to specific commits
> from stable-XX that might be required.

Hi George,

Yes, you are correct.

As XSA-235 was an ARM only issue (and I don't build anything for ARM), these 
usually get skipped in my packaging.

As XSA-255 is *both* ARM & x86, it needed that extra bit of TLC... This 
probably makes it a little unique in how XSAs are normally presented.

I did look at the two patches in XSA-255, but it looked like there is a 
combination of both ARM & x86 changes in specifically the -2 patch which led 
me to the conclusion that I couldn't just remove one patch to take out the 
common and x86 parts.

I figured something was missing, but wasn't able to track it back to the patch 
from August last year.

Thanks to Jan for the pointers to the missing requirement - I've got packages 
built for 4.6 now to push shortly.

-- 
Steven Haigh

📧 netwiz@xxxxxxxxx       💻 http://www.crc.id.au
📞 +61 (3) 9001 6090    📱 0412 935 897

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

