From: Peter Maydell <peter.maydell@linaro.org>
To: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: "xen-devel@lists.xensource.com Devel"
<xen-devel@lists.xensource.com>,
QEMU Developers <qemu-devel@nongnu.org>,
JBeulich@suse.com
Subject: Re: [Qemu-devel] [PATCH 0/11] Xen PCI Passthrough security fixes
Date: Tue, 2 Jun 2015 16:51:21 +0100 [thread overview]
Message-ID: <CAFEAcA9stcCU-q_8inq8zxkdS7o6vP8s-n0u93St_r_oceCcvw@mail.gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1506021630170.19838@kaball.uk.xensource.com>
On 2 June 2015 at 16:32, Stefano Stabellini
<stefano.stabellini@eu.citrix.com> wrote:
> On Tue, 2 Jun 2015, Stefano Stabellini wrote:
>> Hi all,
>>
>> the following is a collection of QEMU security fixes for PCI Passthrough
>> on Xen. Non-Xen usages of QEMU are unaffected.
>>
>> Although the CVEs have already been made public, given the large amount
>> of changes, I decided not to send a pull request without giving a chance
>> to the QEMU community to comment on the patches first.
>
> Peter convinced me to send out a pull request immediately. If anybody
> has any comments on the patches, we can still fix them up later or even
> revert them if that becomes necessary.
For the record, the rationale is:
* fixes for CVEs will have been reviewed during the nondisclosure period
* getting security fixes into master in a timely fashion is important
* having the patches in upstream master be different from the ones
advertised with the CVE can cause confusion about which are "correct"
* if there are any problems with the CVE fixes (stylistic or otherwise)
we can correct them with followup patches
Our workflow/process for handling security issues is not set in
stone (indeed it's evolving a bit at the moment), so comments/suggestions
welcome.
thanks
-- PMM
next prev parent reply other threads:[~2015-06-02 15:51 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-02 15:08 [Qemu-devel] [PATCH 0/11] Xen PCI Passthrough security fixes Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 01/11] xen: properly gate host writes of modified PCI CFG contents Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 02/11] xen: don't allow guest to control MSI mask register Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 03/11] xen/MSI-X: limit error messages Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 04/11] xen/MSI: don't open-code pass-through of enable bit modifications Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 05/11] xen/pt: consolidate PM capability emu_mask Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 06/11] xen/pt: correctly handle PM status bit Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 07/11] xen/pt: split out calculation of throughable mask in PCI config space handling Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 08/11] xen/pt: mark all PCIe capability bits read-only Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 09/11] xen/pt: mark reserved bits in PCI config space fields Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 10/11] xen/pt: add a few PCI config space field descriptions Stefano Stabellini
2015-06-02 15:10 ` [Qemu-devel] [PATCH 11/11] xen/pt: unknown PCI config space fields should be read-only Stefano Stabellini
2015-06-02 15:32 ` [Qemu-devel] [PATCH 0/11] Xen PCI Passthrough security fixes Stefano Stabellini
2015-06-02 15:51 ` Peter Maydell [this message]
2015-06-02 15:47 ` [Qemu-devel] [Xen-devel] " Ian Campbell
2015-06-17 12:38 ` Ian Campbell
2015-06-17 13:52 ` Stefano Stabellini
2015-06-17 13:54 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA9stcCU-q_8inq8zxkdS7o6vP8s-n0u93St_r_oceCcvw@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=JBeulich@suse.com \
--cc=qemu-devel@nongnu.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).