From mboxrd@z Thu Jan  1 00:00:00 1970
From: George Dunlap <george.dunlap@citrix.com>
Subject: Re: Impact of HW vulnerabilities & Implications on
 Security Vulnerability Process
Date: Wed, 7 Sep 2016 16:59:34 +0100
Message-ID: <016f1ff8-ae34-9cdb-b3eb-4ac6574d8312@citrix.com>
References: <756113F8-E098-4F55-9331-AE02FF61E72D@gmail.com>
 <22480.13129.281839.14168@mariner.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <prvs=051478c3a=George.Dunlap@citrix.com>)
 id 1bhfGE-00061N-UM
 for xen-devel@lists.xenproject.org; Wed, 07 Sep 2016 15:59:39 +0000
In-Reply-To: <22480.13129.281839.14168@mariner.uk.xensource.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Ian Jackson <ian.jackson@eu.citrix.com>, Lars Kurth <lars.kurth.xen@gmail.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>, committers@xenproject.org
List-Id: xen-devel@lists.xenproject.org

T24gMDcvMDkvMTYgMTY6MzMsIElhbiBKYWNrc29uIHdyb3RlOgo+IExhcnMgS3VydGggd3JpdGVz
ICgiSW1wYWN0IG9mIEhXIHZ1bG5lcmFiaWxpdGllcyAmIEltcGxpY2F0aW9ucyBvbiBTZWN1cml0
eSBWdWxuZXJhYmlsaXR5IFByb2Nlc3MiKToKPj4gQSBmZXcgeWVhcnMgYWdvIGl0IHdhcyBkaXNj
b3ZlcmVkIHRoYXQgbXVjaCBvZiB0aGUgUkFNIHNoaXBwZWQgaW4gb3VyCj4+IGNvbXB1dGVycyBj
b250YWlucyBmbGF3cyB3aGljaCBhbGxvdyAibGVha2FnZSIgYWNyb3NzIHJvd3M7IGVmZmVjdGl2
ZWx5Cj4+IGFsbG93aW5nIHByb2dyYW1zIHRvIHVzZSBhY2Nlc3MgdG8gb25lIGJpdCBvZiBtZW1v
cnkgdG8gZmxpcCBiaXRzIGluCj4+IG90aGVyIHBhcnRzIG9mIG1lbW9yeSB0byB3aGljaCB0aGV5
IGhhdmUgYmVlbiBzcGVjaWZpY2FsbHkgZGVuaWVkCj4+IGFjY2Vzcy4gIFRoaXMgaGFzIGF0dGFj
ayBvbiBmYXVsdHkgaGFyZHdhcmUgaGFzIGJlZW4gZHViYmVkICJyb3doYW1tZXIiIAo+PiBbMV0u
Cj4gLi4uCj4gCj4+IEZyb20gbXkgcGVyc3BlY3RpdmUsIHRoZXJlIGFyZSBhIG51bWJlciBvZiBk
aWZmZXJpbmcgZ29hbHMgd2UgYXJlIHRyeWluZyAKPj4gdG8gYWNoaWV2ZSB3aXRoIHRoZSBwcm9j
ZXNzCj4gLi4uCj4+IGIpIElmIGFscmVhZHkgcHVibGljIChvciBhdCBkaXNjbG9zdXJlIHRpbWUp
LCBlbnN1cmUgdGhhdCBvdXIgdXNlcnMgaGF2ZSAKPj4gICAgYWxsIHRoZSBpbmZvcm1hdGlvbiB0
byBtYWtlIHRoZSByaWdodCBjaG9pY2VzCj4gCj4gVGhpcyBpcyBteSBjb25jZXJuLgo+IAo+IEZy
b20gbXkgUE9WIFhTQXMgYXJlIGEgY29udmVuaWVudCBlc3RhYmxpc2hlZCBmb3JtYXQgYW5kIHBy
b2Nlc3MuCj4gCj4gSG93ZXZlciwgSSBkb24ndCB0aGluayB0aGlzIG5lY2Vzc2FyaWx5IG5lZWRz
IHRvIGJlIGRlYWx0IHdpdGggYnkKPiBpc3N1aW5nIGFuIGFjdHVhbCBYU0EsIHBhcnRpY3VsYXJs
eSBpZiB0aGVyZSBhcmUgb3RoZXIgcmVhc29ucyBmb3IKPiBkb2luZyB0aGluZ3MgZGlmZmVyZW50
bHkuICBXZSBjb3VsZCBicmllZiBvdXIgdXNlcnMgYnkgd3JpdGluZyBzb21lCj4gb3RoZXIga2lu
ZCBvZiBtZXNzYWdlLCBwZXJoYXBzIHBvc3RlZCBvbiB4ZW4tYW5ub3VuY2UuCj4gCj4gSW5kZWVk
IHNldmVyYWwgYXNwZWN0cyBvZiB0aGUgWFNBIHByb2Nlc3MgYXJlIG5vdCByZWFsbHkgYXBwbGlj
YWJsZS4KPiAKPiBPbmUgbWFpbiByZWFzb24gZm9yIGlzc3VpbmcgYW4gWFNBIGZvciBhbiBvcmRp
bmFyeSBzb2Z0d2FyZSBidWcgaXMKPiB0aGF0IGl0IGFsbG93cyB0aGUgaXNzdWUsIGFuZCBpdHMg
Zml4LCB0byBiZSB0cmFja2VkIGluIGEgc3RhbmRhcmRpc2VkCj4gd2F5LiAgQ1ZFcyBwZXJmb3Jt
IHRoZSBzYW1lIGZ1bmN0aW9uLCB3aXRoIGEgbW9yZSBnZW5lcmFsIHNjb3BlLgo+IAo+IEJ1dCwg
d2Ugd291bGQgbm90IGV4cGVjdCB0byBnZXQgYSBDVkUgZm9yIHdoYXQgcmVhbGx5IGFtb3VudHMg
dG8gYQo+IGhhcmR3YXJlIHF1YWxpdHkgaXNzdWUuICBBbmQgd2hlcmUgdGhlcmUgY2FuIGJlIGxp
dHRsZSB1c2VmdWwgd2F5IG9mCj4gYXZvaWRpbmcgYSBoYXJkd2FyZSBidWcgYnkgYWRkaW5nIHdv
cmthcm91bmRzIHRvIHRoZSBzb2Z0d2FyZQo+IChzcGVjaWZpY2FsbHksIGluIG91ciBjYXNlLCBi
eSBtb2RpZnlpbmcgWGVuKSwgdGhlcmUgaXMgbm8gbmVlZCB0bwo+IHRyYWNrIHdoZXRoZXIgYW55
IHBhcnRpY3VsYXIgY29kZWJhc2UgaGFzIHRoZSBtaXRpZ2F0aW9uLgo+IAo+IFNvIHRoZXJlIGlz
IGxpdHRsZSBiZW5lZml0IGluIGFzc2lnbmluZyBhIG51bWJlci4KPiAKPiBVbmxpa2Ugd2l0aCBz
b2Z0d2FyZSBidWdzLCB0aGVyZSBpcyBhbHNvIHJlbGF0aXZlbHkgbGl0dGxlIGJlbmVmaXQgaW4K
PiBoYXZpbmcgcm93aGFtbWVyIGxpc3RlZCBvbiBhIHdlYiBwYWdlIGFsb25nc2lkZSBzb2Z0d2Fy
ZSBidWdzLgo+IAo+IFRoZSBYU0EgYWR2aXNvcnkgdGVtcGxhdGUgZm9ybWF0IGRvZXMgbm90IGxl
bmQgaXRzZWxmIHdlbGwgdG8gdGhpcwo+IGlzc3VlLCBhcyBJIGZvdW5kIHdoZW4gSSB0cmllZCB0
byB3cml0ZSBhIGRyYWZ0LiAgV2hpbGUgZG9lcyBoYXZlIHRoZQo+IGJlbmVmaXQgb2YgYmVpbmcg
aW4gYSBmb3JtYXQgd2hpY2ggaXMgZmFtaWxpYXIgdG8gdXNlcnMsIHVzZXIgcmVzcG9uc2UKPiB3
aWxsIGhhdmUgdG8gYmUgcXVpdGUgZGlmZmVyZW50LiAgQW5kIHRoZSBsZXZlbCBvZiB1bmNlcnRh
aW50eSBhbmQKPiBoYXJkd2FyZS1kZXBlbmRlbmNlIG1lYW5zIHRoYXQgdGhlIHVzdWFsIHF1ZXN0
aW9ucyBzdWNoIGFzIGBJbXBhY3QnCj4gYW5kIGBWdWxuZXJhYmxlIHN5c3RlbXMnIGhhdmUgdW5z
YXRpc2ZhY3Rvcnkgbm9uLWFuc3dlcnMsIGluIHN1Y2ggYQo+IGJ1bGxldGluLgo+IAo+IFdlIGRp
ZCBpc3N1ZSBYU0EtMyBmb3IgYSBtaXRpZ2F0aW9ubGVzcyBoYXJkd2FyZSBkZXNpZ24gcHJvYmxl
bS4gIEJ1dAo+IHRoYXQgd2FzIGluIGEgdmVyeSBkaWZmZXJlbnQgZW52aXJvbm1lbnQ6IHRoZSBY
U0EgcHJvY2VzcyB3YXMgbm90IGFzCj4gZm9ybWFsbHkgZXN0YWJsaXNoZWQgYXMgaXQgaXMgbm93
LCBhbmQgdGhlIHB1YmxpY2l0eSBpbXBsaWNhdGlvbnMgd2VyZQo+IGRpZmZlcmVudC4KPiAKPj4g
VGVjaG5pY2FsCj4+ID09PT09PT09PQo+PiBPbiB0aGUgdGVjaG5pY2FsIGZyb250LCBpdCB3b3Vs
ZCBiZSBnb29kIHRvIHVuZGVyc3RhbmQgd2hldGhlcgo+PiBhKSBUaGlzIGlzIGEgcmVhbCB0aHJl
YXQgYW5kIHdoZXRoZXIgdGh1cywgd2UgYXMgYSBjb21tdW5pdHkgbmVlZCB0byAKPj4gICAgdGFr
ZSBhY3Rpb24gCj4gCj4gSXQgaXMgdW5jbGVhciB3aGF0IGFjdGlvbiB0aGUgWGVuIHVwc3RyZWFt
IGNvbW11bml0eSBjYW4gdXNlZnVsbHkKPiB0YWtlLCBvdGhlciB0aGFuIHByb3ZpZGluZyB1c2Vy
cyB3aXRoIGluZm9ybWF0aW9uLgo+IAo+IEJ1dCwgdXNlcnMgd2l0aCBkZXBsb3ltZW50cyBvbiBh
Y3R1YWwgaGFyZHdhcmUgb3VnaHQgdG8gdHJ5IHRvIGZpbmQKPiBvdXQgd2hldGhlciB0aGV5IGFy
ZSB2dWxuZXJhYmxlLiAgSWYgdGhleSBhcmUgdGhlbiB0aGV5IGNvdWxkIHNlZWsKPiByZXBsYWNl
bWVudCBub24tZmF1bHR5IGhhcmR3YXJlIGZyb20gdGhlaXIgdmVuZG9yLCBvciB0YWtlIHVucGxl
YXNhbnQKPiBtaWdpdGF0aW9uIG1lYXN1cmVzIChsaWtlIHN3aXRjaGluZyB0byBIVk0sIHBlcmhh
cHMpLgo+IAo+PiBiKSBXaGV0aGVyIHRoZSB0ZWNobmlxdWUgZGVzY3JpYmVkIGluIFszXSBpcyBz
ZXJpb3VzIG9uIGJpZyBpcm9uIHdpdGggCj4+ICAgIGRpZmZlcmVudCBjb3JlL2NhY2hlIHByb3Bl
cnRpZXMgY29tcGFyZWQgdG8gc29tZSBvZiB0aGUgbWFjaGluZXMgdGhpcyAKPj4gICAgd2FzIHRl
c3RlZCBvbgo+IAo+IFRoaXMgaXMgYSBiaWcgcXVlc3Rpb24uCj4gCj4+IGMpIFdoZXRoZXIgdGhl
cmUgaXMgYW55IG1pdGlnYXRpb24gdGhhdCB3ZSBjYW4gZGV2ZWxvcCwgaWYgbmVjZXNzYXJ5Cj4g
Cj4gQUlVSSB0aGVyZSBpcyBsaXR0bGUgdG8gYmUgZG9uZS4gIEJ1dCwgSSBsb29rIGZvcndhcmQg
dG8gYmVpbmcgcHJvdmVuCj4gd3JvbmcuCgpUaGUgYXR0YWNrIGRlc2NyaWJlZCBpbiBbNF0gcmVs
aWVzIG9uIHRoZSBmYWN0IHRoYXQgdGhlIGF0dGFja2VyIGtub3dzCnRoZSBtZm4gb2YgdGhlIEwy
IHBhZ2V0YWJsZXMgYmVpbmcgdXNlZCBieSB0aGUgaGFyZHdhcmUuICBVc2luZyBzaGFkb3dzCmZv
ciB0aGUgTDIrIHBhZ2V0YWJsZXMgd291bGQgdGh3YXJ0IHRoYXQgcGFydGljdWxhciBhdHRhY2ss
IGFuZApzaG91bGRuJ3QgaW4gdGhlb3J5IGNhdXNlIHRvbyBtdWNoIG92ZXJoZWFkLgoKQnV0IHRo
YXQgd291bGQgb25seSB0aHdhcnQgYSBwYXJ0aWN1bGFyIGF0dGFjay4gIE90aGVyIGF0dGFja3Mg
YXJlCmNlcnRhaW4gdG8gZGV2ZWxvcDsgd2UgY2FuIG9ubHkgc3Ryb25nbHkgYWR2aXNlIGFsbCBv
dXIgdXNlcnMgdGhhdCBpZgp0aGV5IGV4cGVjdCB0byBoYXZlIGRldGVybWluZWQgYWR2ZXJzYXJp
ZXMgaW5zaWRlIHRoZWlyIGd1ZXN0cywgdGhhdAp0aGV5IHNob3VsZCBtYWtlIGV2ZXJ5IGVmZm9y
dCB0byB1c2UgUkFNIHdoaWNoIGlzIG5vdCB2dWxuZXJhYmxlIHRvCnJvd2hhbW1lciBhdHRhY2tz
LgoKIC1HZW9yZ2UKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVuLWRldmVsQGxpc3RzLnhlbi5vcmcKaHR0cHM6
Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=