On Sat, Jan 6, 2018 at 2:54 PM, Anthony Liguori <aligu...@amzn.com> wrote:
> From: Anthony Liguori <aligu...@amazon.com>
>
> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> appears to be very difficult to isolate the hypervisor's page tables
> from PV domUs while maintaining ABI compatibility.  Instead of trying
> to make a KPTI-like approach work for Xen PV, it seems reasonable to
> run a copy of Xen within an HVM (or PVH) domU to provide backwards
> compatibility with guests as mentioned in XSA-254 [1].

I also posted a branch with a backport to 4.9 stable.

https://github.com/aliguori/xen/tree/vixen-stable-4.9

While this is a bit more than what goes into a typical stable release, given that it is addressing a security issue and is relatively well contained, I think it would be worth considering for addition to stable.

Regards,

Anthony Liguori

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel