From: Joanna Rutkowska
Subject: Re: Xen 4.1.x security support
Date: Tue, 17 Sep 2013 21:55:22 +0200
Message-ID: <5238B3AA.3090805@invisiblethingslab.com>
In-Reply-To: <1379445486.11304.195.camel@hastur.hellion.org.uk>
References: <52377FC0.6000302@invisiblethingslab.com> <5238172E02000078000F3DBB@nat28.tlf.novell.com> <52389387.10008@invisiblethingslab.com> <52389516.7020905@invisiblethingslab.com> <1379445486.11304.195.camel@hastur.hellion.org.uk>
To: Ian Campbell
Cc: Marek Marczykowski-Górecki, Jan Beulich, "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

On 09/17/13 21:18, Ian Campbell wrote:
> On Tue, 2013-09-17 at 19:44 +0200, Joanna Rutkowska wrote:
>> On 09/17/13 19:38, Joanna Rutkowska wrote:
>>> On 09/17/13 08:47, Jan Beulich wrote:
>>>>>>> On 17.09.13 at 00:01, Marek Marczykowski-Górecki wrote:
>>>>> 4.1.6.1 was announced as the last 4.1.x release. Does it mean that further
>>>>> XSAs will not carry patches for 4.1?
>>>>
>>>> That's the way I view it, but that doesn't mean it has to be that way.
>>>>
>>>
>>> That would be rather unfortunate. E.g. we're planning to stick to Xen
>>> 4.1 for our Qubes R2 release. There are some problems with Xen 4.2 such
>>> as the GPLPV Windows drivers not working with it correctly.
>>>
>>> I could imagine that it should not be very costly for xen.org to
>>> backport each XSA patch to 4.1, should it?
>
> Well, it rather depends on nature of the patch doesn't it. Some are hard
> and some are easy.
>
> AFAIK the security team would be happy to receive and distribute
> additional backports to older versions done by community members e.g.
> those on the predisclosure list.
>
>> And a somehow more general thought: what most people expect from
>> baremetal hypervisors, I think, is stability. Unlike the Linux kernel,
>> the Xen hypervisor does not need to support each and every device
>> invented on the planet, each and every possible filesystem, or
>> networking stack, etc. That's, in fact, (one of) the biggest advantage
>> of a hypervisor over a monolithic kernel. So, why, oh why, such a race
>> to keep bumping the major version over and over again?
>
> What race are you talking about? Do you think we should do something
> other than bump the version when we cut a new release? or do you think
> we should add features to stable branches or something?
>

My point was that you should be adding very few features or none at all,
keep the hypervisor as simple as possible, do not change the management
stack all the time, etc. Otherwise it makes it difficult for other
projects/products who use Xen to catch up. What version does Xen Client
use, BTW?

Really, who needs nested virtualization, or XSM -- these are of pure
academic interest and only make the hypervisor unnecessarily bloated, IMO.
Why not keep everything that is not "core" as separate repos/projects,
conditionally compiled/linked with the core hypervisor?

When a hypervisor gets too complex it suddenly loses all its appeal over
a traditional kernel, doesn't it?

joanna.