Once zduan's tmem restore fix is applied, all known tmem security issues have been resolved and tested and tmem is fully functional again in xen-unstable, including save/restore.

I'd like to recommend that all tmem patches be backported to 4.1-stable and 4.2-stable prior to the next point release and preferably asap.

Auditing activities are being conducted separately under Konrad's supervision, but it seems wise to apply known security patches to released trees before any users/distros update.

Comments or objections?

Thanks,
Dan

P.S. Some work remains for tmem to always work properly with "xl create" but "xm create" works fine.

>>> On 19.09.12 at 17:48, Dan Magenheimer <dan.magenheimer@oracle.com> wrote:
> I'd like to recommend that all tmem patches be backported
> to 4.1-stable and 4.2-stable prior to the next
> point release and preferably asap.
>
> Auditing activities are being conducted separately under
> Konrad's supervision, but it seems wise to apply known
> security patches to released trees before any users/distros
> update.
>
> Comments or objections?

My recollection is that the committers more or less agreed to consider backports only once the full audit was done, and we were assured that no further vulnerabilities are to be expected. But I'm certainly open to weakening that position if others prefer going that route.

Jan

> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Wednesday, September 19, 2012 10:00 AM
> To: Dan Magenheimer
> Cc: Ian Campbell; IanJackson; xen-devel@lists.xen.org; Konrad Wilk; Zhenzhong Duan; Keir Fraser;
> tim@xen.org
> Subject: Re: tmem/XSA-15 backport?
>
> >>> On 19.09.12 at 17:48, Dan Magenheimer <dan.magenheimer@oracle.com> wrote:
> > I'd like to recommend that all tmem patches be backported
> > to 4.1-stable and 4.2-stable prior to the next
> > point release and preferably asap.
> >
> > Auditing activities are being conducted separately under
> > Konrad's supervision, but it seems wise to apply known
> > security patches to released trees before any users/distros
> > update.
> >
> > Comments or objections?
>
> My recollection is that the committers more or less agreed to
> consider backports only once the full audit was done, and we
> were assured that no further vulnerabilities are to be
> expected. But I'm certainly open to weakening that position
> if others prefer going that route.

Yes, didn't make much sense to me :-)

I agree it may be wise to _not_ remove any published recommendations to _not_ enable tmem until a full audit is done, but failing to fix known issues (security or otherwise) in released trees because there _might_ be other bugs found in the future seems odd to me.

Other comments or objections?

Dan

>>> On 19.09.12 at 17:48, Dan Magenheimer <dan.magenheimer@oracle.com> wrote:
> Once zduan's tmem restore fix is applied, all known
> tmem security issues have been resolved and tested
> and tmem is fully functional again in xen-unstable,
> including save/restore.
>
> I'd like to recommend that all tmem patches be backported
> to 4.1-stable and 4.2-stable prior to the next
> point release and preferably asap.

Done.

Jan

> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Tuesday, September 25, 2012 4:30 AM
> To: xen-devel@lists.xen.org; Dan Magenheimer
> Cc: Ian Campbell; IanJackson; Konrad Wilk; Zhenzhong Duan; tim@xen.org
> Subject: Re: tmem/XSA-15 backport?
>
> >>> On 19.09.12 at 17:48, Dan Magenheimer <dan.magenheimer@oracle.com> wrote:
> > Once zduan's tmem restore fix is applied, all known
> > tmem security issues have been resolved and tested
> > and tmem is fully functional again in xen-unstable,
> > including save/restore.
> >
> > I'd like to recommend that all tmem patches be backported
> > to 4.1-stable and 4.2-stable prior to the next
> > point release and preferably asap.
>
> Done.

Excellent! Thanks much!

Dan