svn commit: r328011 - in head/sys/amd64/vmm: amd intel

Ed Maste emaste at freebsd.org
Fri Mar 9 14:27:03 UTC 2018


On 8 March 2018 at 21:57, Kubilay Kocak <koobs at freebsd.org> wrote:
> On 9/03/2018 8:57 am, Ed Maste wrote:
>> On 15 January 2018 at 13:37, Tycho Nightingale <tychon at freebsd.org> wrote:
>>> Author: tychon
>>> Date: Mon Jan 15 18:37:03 2018
>>> New Revision: 328011
>>> URL: https://svnweb.freebsd.org/changeset/base/328011
>>>
>>> Log:
>>>   Provide some mitigation against CVE-2017-5715 by clearing registers
>>>   upon returning from the guest which aren't immediately clobbered by
>>>   the host.  This eradicates any remaining guest contents limiting their
>>>   usefulness in an exploit gadget.
>>
>> Will you MFC this to stable/11?
>
> Mitigations and related MFCs and SAs, etc. for vulnerabilities, are
> presumably all being coordinated and handled by secteam, with associated
> (explicit) messaging when fixes don't apply to particular
> branches/versions, no?

Embargoed patches to address specific security vulnerabilities are
handled by secteam, and are committed to all branches simultaneously.

For cases like this, where it's a mitigation or other improvement that
is already committed to CURRENT, it's best if the domain expert /
original committer handles the merge. That said, I'm happy to take
care of the merge if desired.

