
Re: Xen 4.4 updates - request for feedback



On 25.10.18 at 10:08, Peter Dreuw wrote:
> On 24.10.18 at 20:34, Antoine Beaupré wrote:
>>> I am not sure if this can be done with Xen 4.4 - at least not to a level
>>> of a 100% solution. Looking into the upstream code for e.g. 4.6 there
>>> are many changes that would need to be considered. I am thinking of
>>> this, currently, yes. The same goes to
>>>
>>>
>>> XSA 263 / CVE-2018-3639
>>>
>>> XSA 267 / CVE-2018-3665
>>>
>>> XSA 273 / CVE-2018-3620,CVE-2018-3646
>>>
>>> The upstream fixes for these XSA rely on the XSA 254 work already done. 
>>> So getting XSA 263/267/273 fixed would need to adapt much of the work
>>> done for XSA 254.
>> Right. It's a huge challenge and sensitive if not confusing code.
> Yes, it is. I think it will be doable but I have no real idea how much
> time this would consume.

Maybe one point to make clear, though it might be obvious to most of you:

We can apply fixes to the original Xen 4.4 version and have done
everything possible - without a fixed kernel, there is no mitigation of
Spectre/Meltdown. The same applies to any other virtualization solution.
So people have to work with a more recent kernel or live with unfixed
Spectre/Meltdown issues. If you are using a backports kernel, you might
be willing to use a backports Xen package, too.

From my perspective, looking into these fixes for 4.4 is more
future-oriented ;) There are already some fixes for more recent XSAs like XSA
263, 267 and 273, which partly depend on the code introduced with the
various XSA 254 fixes.

Cheers

Peter


-- 
Peter Dreuw
Team Lead
Tel.:  +49 2166 9901-155
Fax:   +49 2166 9901-100
E-Mail: Peter.Dreuw@credativ.de

gpg fingerprint: 33B0 82D3 D103 B594 E7D3  53C7 FBB6 3BD0 DB32 ED41
http://www.credativ.de/

credativ GmbH, HRB Mönchengladbach 12080
VAT ID number: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Management: Dr. Michael Meskes, Jörg Folz, Sascha Heuer

Our handling of personal data is subject to
the following provisions: https://www.credativ.de/datenschutz
