
Re: [PATCH v2] xen/arm: fix gnttab_need_iommu_mapping

On Mon, 8 Feb 2021 at 20:24, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> > @Ian, I think this wants to go in 4.15. Without it, Xen may receive an IOMMU
> > fault for DMA transaction using granted page.
> >
> > > Backport: 4.12+
> > >
> > > ---
> > >
> > > Given the severity of the bug, I would like to request this patch to be
> > > backported to 4.12 too, even if 4.12 is security-fixes only since Oct
> > > 2020.
> >
> > I would agree that the bug is bad, but it is not clear to me why this would
> > warrant an exception for backporting. Can you outline what's the worst
> > that can happen?
> >
> > Correct me if I am wrong, if one can hit this error, then it should be
> > pretty reliable. Therefore, anyone wanting to use 4.12 in production should
> > have seen the error on their setup by now (4.12 has been out for nearly two
> > years). If not, then they are most likely not affected.
> >
> > Any new users of Xen should use the latest stable rather than starting with
> > an old version.
> Yes, the bug reproduces reliably but it takes more than a smoke test to
> find it. That's why it wasn't found by OSSTest and also our internal
> CI-loop at Xilinx.

Ok. So a user should be able to catch it during testing, is that correct?

> Users can be very slow at upgrading, so I am worried that 4.12 might still
> be picked by somebody, especially given that it is still security
> supported for a while.

Don't tell me about upgrading Xen... ;) But I am a bit confused, are
you worried about existing users or new users?

> > Other than the seriousness of the bug, I think there is also a fairness
> > concern.
> >
> > So far our rules say there is only security support backport allowed. If we
> > start granting exceptions, then we need a way to prevent abuse of it. To take
> > an extreme example, why couldn't one ask for a backport to 4.2?
> >
> > That said, I vaguely remember this topic was brought up a few times on
> > security@. So maybe it is time to have a new discussion about stable tree.
> I wouldn't consider a backport for a tree that is closed even for
> security backports. So in your example, I'd say no to a backport to 4.2
> or 4.10.
> I think there is a valid question for trees that are still open to
> security fixes but not general backports.
> For these cases, I would just follow a simple rule of thumb:

Aren't those rules already used for stable trees?

> - is the submitter willing to provide the backport?
> - is the backport low-risk?
> - is the underlying bug important?

You wrote multiple times that this is serious but it is still not
clear what's the worst that can happen...

> If the answer to all is "yes" then I'd go with it.
> In this case, given that the fix is a one-liner, and obviously correct,

I have seen one-liners that introduced XSA in the past ;).



