Hi!

> > At the IRC meeting (May 14th), the following two security patches were discussed.
> >
> > a. CVE related to KVM SVM on x86,
> > b. XDP sockets enabled for Cyclone V
> >
> > They were recently ported to upstream, and we would like to decide whether they should be backported to CIP or not.
>
> Why didn't stable pick them up? Because they require active backporting
> work to make them apply?

Yes, IIRC.

> > Regarding a., SVM is for AMD CPUs only, so it might not actually be used.
> > If that is the case, we would like to ignore this patch.
>
> In general, KVM on AMD was surely a niche over the past years. Since
> Ryzen, this changed again, also for embedded.
>
> That said, I'm not aware of active use on our side at this point, but I
> may not have the full overview, and I can't speak for other members.

> > Regarding b., XDP (eXpress Data Path) is used for network-intensive workloads to bypass certain parts of the network stack. So, it may be used by big tech / web stuff, not embedded.
>
> XDP plays an essential role in deterministic networking, thus is
> absolutely an embedded thing as well. But that usually goes along with
> TSN, though it may not be limited to it.

Ok, good to know.

So... there are a few reasons why it is important to know what is in use or not:

1) If we see a patch in stable, how much effort should be spent reviewing it?

2) If we see a bad bug (probably a CVE) that needs a backport, should we backport this one? (Or wait for someone else to do the work?)

Best regards,
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html