From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Bader Subject: Re: Fwd: Xen-4.1.6.1 backport for XSA156 Date: Fri, 20 Nov 2015 17:10:06 +0100 Message-ID: <564F45DE.1010504@canonical.com> References: <564F0603.2080708@canonical.com> <564F363B.3010802@canonical.com> <564F518602000078000B7496@prv-mh.provo.novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8233798223229510654==" Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1ZzoGO-00086G-0B for xen-devel@lists.xenproject.org; Fri, 20 Nov 2015 16:10:16 +0000 In-Reply-To: <564F518602000078000B7496@prv-mh.provo.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: xen-devel List-Id: xen-devel@lists.xenproject.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8233798223229510654== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VFVg7GU1JNXOrEDn6WGbR7N5XO7NAA7cv" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VFVg7GU1JNXOrEDn6WGbR7N5XO7NAA7cv Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 20.11.2015 16:59, Jan Beulich wrote: >>>> On 20.11.15 at 16:03, wrote: >> I am currently trying to backport the changes of XSA156 back to Xen-4.= 1.x and I >> am struggling with the VMX side. I did see the backports made for 4.2 = and 3.4 on >> the security mailing list but I am not sure the 3.4 backport is not ha= ving the >> same issues (or similar ones). >> >> Trying to write down my understanding of the changes: For the 3.4 back= port there >> are only changes to the toggles for debugging and the general trap mas= k. So if I >> understand this right, before the change, TRAP_debug and TRAP_int3 wer= e only >> handled in vmexit when a debugger was attached to the domain. Now, onl= y >> TRAP_int3 will be toggled and TRAP_debug is always handled. >=20 > I've never looked at that 3.4 backport, but not changing the VMEXIT > handling certainly sounds wrong. I'll attach what I have done for 4.1. > Please report back any problems you encounter. If I am not missing any detail your 4.1 patch looks exactly the same as t= he version I ended up with (basically dropping some trace). Have you tested the resulting HV on an Intel/VMX box and tried to use ptr= ace inside the HVM guest? This is where my problems come from. Or potentially your vmx_inject_hw_ex= ception has been modified since stable-4.1.6.1? -Stefan >=20 > Jan >=20 --VFVg7GU1JNXOrEDn6WGbR7N5XO7NAA7cv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJWT0XlAAoJEOhnXe7L7s6jd7AP/1wnji8K64oMhkqhRlnoKZRJ 8CxvtDffrN0WqRdx4O351WzYWetP0oxNpwGoKafTSZ0wdKzAbWca+x2HpMi5r/iv diXfeooVKobIZK+IFif4D2mAAM9qEO7AOLDH7gcaFbteEbTknImEPseeAPtBsfyP WMoZHJshYqMbomkv+lOWpsXSNRzpG30ctBYP88pncJu+S0YkASrQMjs5/TDbMedb e2tUFEjjOvv/mOeDEA5Yk7OLCoRcaGceaz3IZjyjnilM/m4Xcu2vlr0AbE3GR5H4 Nhwu+aN0evEF4nxXQNh1eRug6izkfEaN7oIMrkKHmwKlqAhNqv9W08Fgj8rjULKY 3UFmLG8AL6/ID0RSolLE3BzajTzzbtKIdU1Ode8m/ncNTd9VnTDxRkFhiGbw3M7r N2AkG8IW1Hxn7F7tXpXkNe/uRK1uhiAGU6foWT2fr6pKpl/hWliKUQJULO9fRCGd CWbXxdKpTwRMVwApzdiA8a5m/QoTeKgYkWzlx7orkqkVAhPT48K4mS+L/OV9FIam 7xap2jdOKpH7WIdHN4Mp3jW3VwLTk9Uc1i481+Rgz7SBCu6gkv+zSX3iteEu6zxs 6wsqqXCS9hsCAAnjpsUjcYi3i9D2vc7NQGX6CFT474ZO62f4H+WjwEMnWlfaVDfL nHM6H8vG8YWNWewD5Bg4 =gPZ+ -----END PGP SIGNATURE----- --VFVg7GU1JNXOrEDn6WGbR7N5XO7NAA7cv-- --===============8233798223229510654== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============8233798223229510654==--