* Patches for stable 5.10 kernel
@ 2021-11-29 7:19 Juergen Gross
2021-11-29 12:25 ` Greg Kroah-Hartman
0 siblings, 1 reply; 2+ messages in thread
From: Juergen Gross @ 2021-11-29 7:19 UTC (permalink / raw)
To: stable, Greg Kroah-Hartman; +Cc: xen-devel
[-- Attachment #1.1.1: Type: text/plain, Size: 1087 bytes --]
Hi Greg,
could you please add the following upstream patches to the stable 5.10
kernel (I'll send separate mails for the older stable kernels as some
of the patches don't apply for those)? They are hardening Xen PV
frontends against attacks from related backends.
Qubes-OS has asked for those patches to be added to stable, too.
629a5d87e26fe96b ("xen: sync include/xen/interface/io/ring.h with Xen's
newest version")
71b66243f9898d0e ("xen/blkfront: read response from backend only once")
8f5a695d99000fc3 ("xen/blkfront: don't take local copy of a request from
the ring page")
b94e4b147fd1992a ("xen/blkfront: don't trust the backend response data
blindly")
8446066bf8c1f9f7 ("xen/netfront: read response from backend only once")
162081ec33c2686a ("xen/netfront: don't read data from request on the
ring page")
21631d2d741a64a0 ("xen/netfront: disentangle tx_skb_freelist")
a884daa61a7d9165 ("xen/netfront: don't trust the backend response data
blindly")
e679004dec37566f ("tty: hvc: replace BUG_ON() with negative return value")
Thanks,
Juergen
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3135 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Patches for stable 5.10 kernel
2021-11-29 7:19 Patches for stable 5.10 kernel Juergen Gross
@ 2021-11-29 12:25 ` Greg Kroah-Hartman
0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2021-11-29 12:25 UTC (permalink / raw)
To: Juergen Gross; +Cc: stable, xen-devel
On Mon, Nov 29, 2021 at 08:19:18AM +0100, Juergen Gross wrote:
> Hi Greg,
>
> could you please add the following upstream patches to the stable 5.10
> kernel (I'll send separate mails for the older stable kernels as some
> of the patches don't apply for those)? They are hardening Xen PV
> frontends against attacks from related backends.
>
> Qubes-OS has asked for those patches to be added to stable, too.
>
> 629a5d87e26fe96b ("xen: sync include/xen/interface/io/ring.h with Xen's
> newest version")
> 71b66243f9898d0e ("xen/blkfront: read response from backend only once")
> 8f5a695d99000fc3 ("xen/blkfront: don't take local copy of a request from the
> ring page")
> b94e4b147fd1992a ("xen/blkfront: don't trust the backend response data
> blindly")
> 8446066bf8c1f9f7 ("xen/netfront: read response from backend only once")
> 162081ec33c2686a ("xen/netfront: don't read data from request on the ring
> page")
> 21631d2d741a64a0 ("xen/netfront: disentangle tx_skb_freelist")
> a884daa61a7d9165 ("xen/netfront: don't trust the backend response data
> blindly")
> e679004dec37566f ("tty: hvc: replace BUG_ON() with negative return value")
>
All now queued up, thanks.
But people should be moving to the 5.15 kernel by now and not sticking
with 5.10 anymore for stuff like this.
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-29 12:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-29 7:19 Patches for stable 5.10 kernel Juergen Gross
2021-11-29 12:25 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).