svn commit: r328011 - in head/sys/amd64/vmm: amd intel
Tycho Nightingale
tychon at freebsd.org
Fri Mar 9 14:36:50 UTC 2018
> On Mar 9, 2018, at 9:26 AM, Ed Maste <emaste at freebsd.org> wrote:
>
> On 8 March 2018 at 21:57, Kubilay Kocak <koobs at freebsd.org> wrote:
>> On 9/03/2018 8:57 am, Ed Maste wrote:
>>> On 15 January 2018 at 13:37, Tycho Nightingale <tychon at freebsd.org> wrote:
>>>> Author: tychon
>>>> Date: Mon Jan 15 18:37:03 2018
>>>> New Revision: 328011
>>>> URL: https://svnweb.freebsd.org/changeset/base/328011
>>>>
>>>> Log:
>>>> Provide some mitigation against CVE-2017-5715 by clearing registers
>>>> upon returning from the guest which aren't immediately clobbered by
>>>> the host. This eradicates any remaining guest contents limiting their
>>>> usefulness in an exploit gadget.
>>>
>>> Will you MFC this to stable/11?
>>
>> Mitigations and related MFC's and SA's, etc for vulnerabilities, are
>> presumably all being coordinated and handled by secteam, with associated
>> (explicit) messaging when fixes don't apply to particular
>> branches/versions, no?
>
> Embargoed patches to address specific security vulnerabilities are
> handled by secteam, and are committed to all branches simultaneously.
>
> For cases like this, where it's a mitigation or other improvement that
> is already committed to CURRENT, it's best if the domain expert /
> original committer handles the merge. That said, I'm happy to take
> care of the merge if desired.
No worries, I will merge this and r329162 too.
Tycho
More information about the svn-src-all
mailing list