Hi!

There is bunch of XEN security fixes in the pipeline:

CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
CVE-2022-23040 : Xen: fix race conditions, resulting in potential data
leaks, data corruption, DoS by malicious backends

CVE-2022-23041: Xen: fix race conditions, resulting in potential data
leaks, data corruption, DoS by malicious backends

CVE-2022-23042: Xen: fix race conditions, resulting in potential data
leaks, data corruption, DoS by malicious backends

There's a bunch of patches fixing those, but backporting them to 4.4
would not be exactly easy. Our scripts show XEN as being used, but I
suspect that's a mistake.

Reneasas, can you confirm if you are using XEN in your arm64 products?
If not, it would be good to disable it in the configs.

Could we disable XEN in qemu configs? I don't believe it makes much
sense.

./4.19.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN=y
./4.19.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN_GNTDEV=y
./4.19.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN_GRANT_DEV_ALLOC=y
./4.19.y-cip/arm64/renesas_defconfig:CONFIG_XEN=y
./5.10.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN=y
./5.10.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN_GNTDEV=y
./5.10.y-cip/arm64/qemu_arm64_defconfig:CONFIG_XEN_GRANT_DEV_ALLOC=y
./5.10.y-cip/arm64/renesas_defconfig:CONFIG_XEN=y
./4.19.y-cip-rt/arm64/renesas-rt_defconfig:CONFIG_XEN=y
./5.10.y-cip-rt/arm64/renesas-rt_defconfig:CONFIG_XEN=y

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany