Re: Regressed XSA-286, was [xen-unstable test] 161917: regressions - FAIL

From: Ian Jackson <iwj@xenproject.org>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
	xen-devel@lists.xenproject.org,
	"Roger Pau Monné" <roger.pau@citrix.com>,
	"committers@xenproject.org" <committers@xenproject.org>
Subject: Re: Regressed XSA-286, was [xen-unstable test] 161917: regressions - FAIL
Date: Thu, 17 Jun 2021 14:05:28 +0100	[thread overview]
Message-ID: <24779.18584.523983.904660@mariner.uk.xensource.com> (raw)
In-Reply-To: <99833b7b-f626-fac5-d426-109afd4ffa38@suse.com>

Firstly, let me try to deal with substance and/or technical merit.

Jan, I am finding it difficult to follow in your message whether you
are asserting that your disputed change (to Xen) did not introduce a
vulnerability.

I think you are saying that there is no vulnerability, because in any
overall configuration where this is a vulnerability, the guest would
have to be making an unjustified assumption.

If this is your reasoning, I don't think it is sound.  The question is
not whether the assumption is justified or not (answering which
question seems to require nigh-incomprehensible exegesis of processor
documentation).

The question is whether any guest does in fact make that assumption.
If any do, then there is a vulnerability.  Whether that's a
vulnerability "in" Xen or "in" the guest is just a question of
finger-pointing.

If none do then there is no vulnerability.

On to process:

Jan Beulich writes ("Re: Regressed XSA-286, was [xen-unstable test] 161917: regressions - FAIL"):
> On 16.06.2021 17:43, Andrew Cooper wrote:
> > I am very irritated that you have *twice* recently introduced security
> > vulnerabilities by bypassing my reviews/objections on patches.
> 
> I'm sorry, Andrew, but already in my original reply a month ago I did
> express that I couldn't find any record of you having objected to the
> changes. It doesn't help that you claim you've objected when you
> really didn't (which is the impression I get from not finding anything,
> and which also matches my recollection of what was discussed).

Andrew, can you provide references to your objections ?

> I don't think I know which 2nd instance you're referring to, and hence
> I can't respond to that aspect.

And, likewise, references for this.

> > In the case of this revert specifically, I did get agreement on IRC
> > before reverting.
> 
> How can I know you did? You didn't even care to reply to my mail from
> a month ago. And there was no reason to make an emergency out of this
> and ask on irc. You could have sent mail just like is done for all
> other normal bug fixes etc. Iirc I was on PTO at that time; it would
> hence only have been fair to wait until my return.

I think it would be good practice to copy and paste relevant IRC
discussions into email in this kind of situation.  That email also
makes space to properly write down what you are doing, that you
realise it is controversial, who you have consulted, and why you are
going ahead.

I looked at one of the two disputed reverts in Xen,
cb199cc7de987cfda4659fccf51059f210f6ad34, and it does not have any
tags indicating approval by anyone else.

Andy, if you got agreement on IRC, who from ? [1]

Ian.

[1] This may well have included me.  I do not reliably record this
kind of information in my wetware.  That is what we have computers
for.