On 03.03.2023 16:56, Andrew Cooper wrote:
> Two python bugfixes which definitely qualify for backport:
>
> 897257ba49d0 tools/python: change 's#' size type for Python >= 3.10
> 3a59443c1d5a tools/xenmon: Fix xenmon.py for with python3.x

Queued. I wasn't entirely certain about these when I saw them going in. They
also had no Fixes: tags.

> Next, I'm going to argue for taking:
>
> f7d07619d2ae x86/vmx: implement VMExit based guest Bus Lock detection
> d329b37d1213 x86/vmx: introduce helper to set VMX_INTR_SHADOW_NMI
> 573279cde1c4 x86/vmx: implement Notify VM Exit
> 5f08bc9404c7 x86/vmx: Partially revert "x86/vmx: implement Notify VM Exit"
>
> These are technically new features for Sapphire Rapids, but they're both
> very simple (in the grand scheme of new features), and are both
> mitigations to system-wide denial of services that required silicon
> changes to make happen.
>
> Either way, there is a security argument to be made for backporting these.

I have to admit I'm not entirely certain here. At present my inclination
would be to put them in 4.17 only, where - it's only going to be 4.17.1 - the
"new feature" aspect is more reasonable to accept. 4.16, otoh, is relatively
soon to go out of general support (albeit I notice not yet after the next
stable release, as this time round the 4 month cadence was followed pretty
closely).

Thoughts?

Jan