From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: Livepatching and Xen Security
Date: Mon, 22 May 2017 12:05:48 -0400
Message-ID: <20170522160548.GL1030@char.us.oracle.com>
References: <CAFLBxZYK6RuFto8xynaADdkzfqo2Mv6eF6bKyO7tE-svF7y6tg@mail.gmail.com>
 <8b137b97-8083-ed1d-98e2-1e71be57b4dd@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <konrad.wilk@oracle.com>) id 1dCpqM-0008Ej-QL
 for xen-devel@lists.xenproject.org; Mon, 22 May 2017 16:06:02 +0000
Content-Disposition: inline
In-Reply-To: <8b137b97-8083-ed1d-98e2-1e71be57b4dd@citrix.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Lars Kurth <lars.kurth@citrix.com>, Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <liuw@liuw.name>, James Bulpin <James.Bulpin@citrix.com>, Tim Deegan <tim@xen.org>, George Dunlap <george.dunlap@citrix.com>, Jan Beulich <JBeulich@suse.com>, Ian Jackson <Ian.Jackson@citrix.com>, Andrew Halley <andrew.halley@citrix.com>, xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

PiA+IDEuIEhhdmluZyB0ZXN0ZWQgbGl2ZS1wYXRjaGluZyB0aG9yb3VnaGx5IGZvciBhdCBsZWFz
dCBzb21lIHZlcnNpb24gb2YKPiA+IHRoZSBjb2RlYmFzZQo+ID4KPiA+IDIuIEhhdmluZyB0ZXN0
ZWQgbGl2ZS1wYXRjaGluZyBmb3Igb25lIG9mIHRoZSBYZW4gNC45IFJDcy4KPiA+Cj4gPiBUaG91
Z2h0cz8KPiAKPiBBcyBhIHN0YXRlbWVudCBvZiB3aGF0IFhlblNlcnZlciBpcyBkb2luZzoKCkFz
IGEgc3RhdGVtZW50IG9mIHdoYXQgT3JhY2xlIGlzIGRvaW5nLgoKV2UgaGF2ZSBiZWVuIHVzaW5n
IGxpdmVwYXRjaGluZyBmb3IgYSB5ZWFyIG9yIHNvLgoKSXQgaXMgYSBiaXQgb2xkZXIgKHRoYW5r
cyB0byBYZW5kIGRlcGVuZGVuY3ksIDxncnVtYmxlPikgc28gbm90IGFzCmZyZXNoIGFzIFhlbiA0
LjkuCgpXZSBoYWQgcXVpdGUgYSBmZXcgb2YgbGl2ZXBhdGNoZXMsIGluY2x1ZGluZyBzb21lIHRo
YXQgYXJlIG5vdApYU0FzLCB3aXRoIHN1Y2Nlc3MuIFdlIGRpZCBydW4gaW4gc29tZSBpc3N1ZXM6
CgogLSBXZSBjb21waWxlZCBYZW4gd2l0aCAnLS1tYXhjcHVzPTM4NCcgYW5kIHRoZSBsaXZlcGF0
Y2ggdG9vbHMgZGlkbid0IGluY2x1ZGUKICAgdGhhdCwgd2hpY2ggbWFkZSBhbGwgdGhlIEdDQyBj
b21waWxlZCBsb2NhbCB2YXJpYWJsZSBuYW1lcyBkaWZmZXJlbnQuIE9uY2Ugd2UKICAgZ290IHRo
ZSAtLW1heGNwdXM9WFlaIHRvIG1hdGNoIGl0IGFsbCB3YXMgZ29vZC4gQnV0IHRoYXQgdG9vayBh
IHdoaWxlCiAgIHRvIGZpZ3VyZSBvdXQuCgogLSBXZSBoYWQgYW4gaW50ZXJlc3RpbmcgaXNzdWUg
d2hlcmUgdGhlIC5maXh1cCBhbmQgLmV4X3RhYmxlIHdlcmUgbm90CiAgIHByb3Blcmx5IHVwZGF0
ZWQgKFJvc3MgZml4ZWQgdGhhdCBpbiB0aGUgdG9vbCB1cHN0cmVhbSBhbmQgaXQgd2FzIGJhY2tw
b3J0ZWQKICAgaW4gbGl2ZXBhdGNoLXRvb2xzKS4gVGhhdCB3YXMgaW4gWGVuIDQuOCB0aW1lZnJh
bWUuCiAgIGh0dHBzOi8vZ2l0aHViLmNvbS9yb3NzbGFnZXJ3YWxsL2xpdmVwYXRjaC1idWlsZC10
b29scy9jb21taXQvYWU3YWUwYzMxODY2ZjZlZTI3MTVhNjAxZmQ1MDY3ZDcwMGQ2MDg0YSAgCgog
LSBSZXBsYWNpbmcgdGhlIGxpdmVwYXRjaCB3aXRoIGFub3RoZXIgaGl0IGEgc25hZyBpZiBib3Ro
IGxpdmVwYXRjaGVzCiAgIGhhZCB0aGUgc2FtZSBzeW1ib2wgbmFtZSAoeDg2X2VtdWxhdGUuYyNf
Z2V0X2ZwdSkuIFdlIGNhbWUgdXAgd2l0aAogICBhIHNrYW5reSB0b29sIChzeW1ib2xfcmVuYW1l
KSB0aGF0IGp1c3QgcmVuYW1lcyBzeW1ib2xzIHdoaWNoIHdlIHVzZQogICB0byBhbHdheXMgcmVu
YW1lIHN5bWJvbHMgKHN5bWJvbF9yZW5hbWUgODNlMDcwNy5saXZlcGF0Y2ggIng4Nl9lbXVsYXRl
LmMjX2dldF9mcHUiIGdldF9mcHVfODNlMDcwNykKClRob3NlIGFyZSBsaXZlcGF0Y2gtdG9vbHMg
aXNzdWVzLCBhbmQgbm90IHRoZSBoeXBlcnZpc29yIGNvZGUgKGFsYmVpdAp0aGUgbGFzdCBvbmUg
Y291bGQgYmUgZml4ZWQgaW4gdGhlIGh5cGVydmlzb3IgYnkgaGF2aW5nIGNvZGUgdG8gZGVhbAp3
aXRoIGdsb2JhbCBhbmQgbG9jYWwgc3ltYm9sIGFuZCBpZ25vcmluZyBjb2xsaXNpb24gd2l0aCBs
b2NhbCBzeW1ib2xzKS4KCldpdGggdGhlIGh5cGVydmlzb3IgY29kZSwgd2UgaGF2ZSBub3QgaGFk
IGFueSBpc3N1ZXMgLSBpdCBoYXMgYmVlbgpydW5uaW5nIHNtb290aGx5IHdpdGggdmFyaW91cyB0
eXBlcyBvZiBndWVzdHMuCgpBbHNvIEkndmUgYmVlbiBydW5uaW5nIChhbG1vc3QgZXZlcnkgbmln
aHQpIGFuIHRlc3Qgb2YgdGhlIGxpdmVwYXRjaGVzCnRoYXQgYXJlIHBhcnQgb2YgdGhlIFhlbiBz
b3VyY2UuCgo+IAo+IEluZGVwZW5kZW50IG9mIHRoaXMsIHRoZSBuYXR1cmUgb2Ygd2hhdCBxdWFs
aWZpZXMgYXMgImEgY29ycmVjdCBwYXRjaCIKPiBpcyBzdWJqZWN0aXZlIGFuZCB2ZXJ5IGNvbnRl
eHQgZGVwZW5kZW50LiAgQ29uc2lkZXIgYSBzY2VuYXJpbyB3aXRoIHR3bwo+IHVzZXJzLCB0aGUg
c2FtZSB2ZXJzaW9uIG9mIHRoZSBsaXZlcGF0Y2ggdG9vbHMsIGFuIGlkZW50aWNhbCBzb3VyY2UK
PiBwYXRjaCwgYW5kIGFuIGlkZW50aWNhbCBzb3VyY2UgdmVyc2lvbiBvZiBYZW4uICBUaGVyZSBp
cyBhIHZlcnkgcmVhbAo+IHBvc3NpYmlsaXR5IHRoYXQgdGhlc2UgdHdvIHVzZXJzIGNvdWxkIGdl
dCBvbmUgdmFsaWQgYW5kIG9uZSBpbnZhbGlkCj4gcGF0Y2ggYmFzZWQgc29sZWx5IG9uIHNvbWV0
aGluZyBsaWtlIHRoZSBjb21waWxlciBzZXR0aW5ncyB1c2VkIHRvIGJ1aWxkCj4gdGhlIGh5cGVy
dmlzb3IgdGhleSBhcmUgcGF0Y2hpbmcuCgpZZXMuIEl0IGlzIGltcGVyYXRpdmUgdGhhdCB0aGUg
bGl2ZXBhdGNoIGJlIGJ1aWx0IG9uIHRoZSBzYW1lIGV4YWN0CmNvbXBpbGVyIGFzIHdoYXQgdGhl
IGh5cGVydmlzb3Igd2FzIGJ1aWx0IHdpdGguIEZvcnR1bmF0bHkgdGhlIGNvbmZpZy5oCmZpbGUg
ZXhwb3NlcyBhbGwgb2YgdGhhdCBzbyBpdCBpcyBlYXN5IGVub3VnaCB0byB2ZXJpZnkgdGhhdC4K
Li5zbmlwLi4KCj4gVGhlcmVmb3JlLCBJIHRoaW5rIGl0IHdvdWxkIGJlIGEgbWlzdGFrZSBmb3Ig
dXMgdG8gaW5jbHVkZSBhbnl0aGluZwo+IHBlcnRhaW5pbmcgdG8gImNyZWF0aW5nIGEgbGl2ZXBh
dGNoLCBjb3JyZWN0IG9yIG90aGVyd2lzZSIgd2l0aGluIGEKPiBzdXBwb3J0IHN0YXRlbWVudC4g
IFRoZXJlIGFyZSBtYW55IHZhcmlhYmxlcyB3aGljaCB3ZSBhcyB1cHN0cmVhbSBjYW4ndAo+IGNv
bnRyb2wuCgpJdCBtYXkgYmUgZ29vZCB0byBpbmNsdWRlIGFuIEZBUSBvciBzdWNoIGRlc2NyaWJp
bmcgc29tZSBvZiB0aGVzZQppc3N1ZXMgKGFrYSBhbiBrbm93bGVkZ2UgYmFzZSkgdGhhdCBkZXRh
aWwgb3VyIGZpbmRpbmdzIGFuZCBob3cKd2Ugd29ya2VkIGFyb3VuZCB0aGVtLgoKSSB3aWxsIHVw
ZGF0ZSB0aGUgV2lraSB3aXRoIGl0IHJlZ2FyZGxlc3Mgb2YgdGhpcyBkaXNjdXNzaW9uLgo+IAo+
IEFzIGZvciB0aGUgNHRoIHBvaW50LCBhYm91dCB3aGF0IGEgZ3Vlc3QgY2FuIGRvIHRvIHByZXZl
bnQgYXBwbGljYXRpb24KPiBvZiBhIGxpdmVwYXRjaC4KPiAKPiBUaGUgZGVmYXVsdCB0aW1lb3V0
IGlzIGluc3VmZmljaWVudCB0byBxdWllc2NlIFhlbiBpZiBhIFZNIHdpdGggYSBmZXcKPiBWQ1BV
cyBpcyBtaWdyYXRpbmcuICBJbiB0aGlzIHNjZW5hcmlvLCBJIGJlbGlldmUgcDJtX2xvY2sgY29u
dGVudGlvbiBpcwo+IHRoZSB1bmRlcmx5aW5nIHJlYXNvbiwgYnV0IHRoZSBwb2ludCBzdGFuZHMg
dGhhdCB0aGVyZSBhcmUgcGxlbnR5IG9mCj4gdGhpbmdzIGEgZ3Vlc3QgY2FuIGRvIHRvIHByZXZl
bnQgWGVuIGJlaW5nIGFibGUgdG8gc3VpdGFibHkgcXVpZXNjZS4KPiAKPiBBcyBhIGhvc3QgYWRt
aW5pc3RyYXRvciBhdHRlbXB0aW5nIHRvIGFwcGx5IHRoZSBsaXZlcGF0Y2gsIHlvdSBnZXQKPiBp
bmZvcm1lZCB0aGF0IFhlbiBmYWlsZWQgdG8gcXVpZXNjZSBhbmQgdGhlIGxpdmVwYXRjaCBhcHBs
aWNhdGlvbgo+IGZhaWxlZC4gIE9wdGlvbnMgcmFuZ2UgZnJvbSB1cHBpbmcgdGhlIHRpbWVvdXQg
b24gdGhlIG5leHQgcGF0Y2hpbmcKPiBhdHRlbXB0LCB0byBwb3NzaWJseSBldmVuIG1hbnVhbGx5
IHBhdXNpbmcgdGhlIHRyb3VibGVzb21lIFZNIGZvciBhIHNlY29uZC4KClBhdXNpbmcgYSBWTSBp
cyBhY2VlcHRhYmxlIEkgd291bGQgdGhpbmsuCj4gCj4gSSBhbHNvIHRoaW5rIGl0IHVud2lzZSB0
byBjb25zaWRlciBhbnkgc2NlbmFyaW9zIGxpa2UgdGhpcyB3aXRoaW4gdGhlCj4gc2VjdXJpdHkg
c3RhdGVtZW50LCBvdGhlcndpc2Ugd2Ugd2lsbCBoYXZlIHRvIGlzc3VlIGFuIFhTQSBzdGF0aW5n
Cj4gIkd1ZXN0cyBkb2luZyBub3JtYWwgdW5wcml2aWxlZ2VkIHRoaW5ncyBjYW4gY2F1c2UgWGVu
IHRvIGJlCj4gaW5zdWZmaWNpZW50IHF1aWVzY2VudCB0byBhcHBseSBsaXZlcGF0Y2hlcyB3aXRo
IHRoZSBkZWxpYmVyYXRlbHkKPiBjb25zZXJ2YXRpdmUgZGVmYXVsdHMiLiAgV2hhdCByZW1lZGlh
dGlvbiB3b3VsZCB3ZSBzdWdnZXN0IGZvciB0aGlzPwoKeGwgcGF1c2UgOi0pCgo+IAo+IAo+IE9u
IHRoZSBwb2ludHMgb2YgdW5leHBlY3RlZCBhY2Nlc3MgdG8gdGhlIGh5cGVyY2FsbHMsIGFuZCBY
ZW4gZG9pbmcgdGhlCj4gd3JvbmcgdGhpbmcgd2hlbiBwcmVzZW50ZWQgd2l0aCBhIGxlZ2l0aW1h
dGUgY29ycmVjdCBsaXZlcGF0Y2gsIEkgdGhpbmsKPiB0aGVzZSBhcmUgaW4gcHJpbmNpcGxlIGZp
bmUgZm9yIGluY2x1c2lvbiB3aXRoaW4gYSBzdXBwb3J0IHN0YXRlbWVudC4KClllcy4KPiAKPiBJ
IHdvdWxkIGFzayBob3dldmVyIGhvdyBjb25maWRlbnQgd2UgYXJlIHRoYXQgdGhlcmUgYXJlIG5v
IEVMRiBwYXJzaW5nCj4gYnVncyBpbiB0aGUgY29kZT8gIEkgdGhpbmsgaXQgbWlnaHQgYmUgdmVy
eSBwcnVkZW50IHRvIHRyeSBhbmQgYnVpbGQgYQo+IHVzZXJzcGFjZSBoYXJuZXNzIGZvciBpdCBh
bmQgbGV0IEFMRiBoYXZlIGEgZ28uCgpKYW4gZGlkIGFuIGV4Y2VsbGVudCBqb2Igd2hlbiByZXZp
ZXdpbmcgdGhlIGNvZGUuIEJ1dCB0aGVyZSBpcyBvZiBjb3Vyc2UKdGhlIHBvc3NpYmlsaXR5IHRo
YXQgc29tZXRoaW5nIHNsaXBwZWQgb3VyIG1pbmQuCgpJIHdvdWxkIChpbiBteSBvcGluaW9uIGFz
IGxpdmVwYXRjaCBtYWludGFpbmVyKSBub3QgdG8gZ2F0ZSB0aGUgc3VwcG9ydApwYXJ0IG9uIHRo
aXMgYXMgd2VsbCwgSSBoYXZlIG5vIGNsdWUgaG93IHRvIHNldHVwIEFMRiBhbmQgdGhpcyBtYXkK
dGFrZSBxdWl0ZSBhIHdoaWxlIHRvIGdldCBkb25lLgoKX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxA
bGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==