Date: Fri, 9 Mar 2018 09:26:40 -0500 From: Ed Maste <emaste@freebsd.org> To: Kubilay Kocak <koobs@freebsd.org> Cc: FreeBSD Security Team <secteam@freebsd.org>, Tycho Nightingale <tychon@freebsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org> Subject: Re: svn commit: r328011 - in head/sys/amd64/vmm: amd intel Message-ID: <CAPyFy2BDhHrW7bPA-GM2zhRa3=EfRJgvYdxmXRCaunyRjeFXog@mail.gmail.com> In-Reply-To: <b7dd2d8c-55de-a1ef-2335-78d76e9787af@FreeBSD.org> References: <201801151837.w0FIb3R7098459@repo.freebsd.org> <CAPyFy2BWYy8T1vbsLemxYKf4sqHhQu9YZ1iAJicweQLeGNk16w@mail.gmail.com> <b7dd2d8c-55de-a1ef-2335-78d76e9787af@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8 March 2018 at 21:57, Kubilay Kocak <koobs@freebsd.org> wrote: > On 9/03/2018 8:57 am, Ed Maste wrote: >> On 15 January 2018 at 13:37, Tycho Nightingale <tychon@freebsd.org> wrote: >>> Author: tychon >>> Date: Mon Jan 15 18:37:03 2018 >>> New Revision: 328011 >>> URL: https://svnweb.freebsd.org/changeset/base/328011 >>> >>> Log: >>> Provide some mitigation against CVE-2017-5715 by clearing registers >>> upon returning from the guest which aren't immediately clobbered by >>> the host. This eradicates any remaining guest contents limiting their >>> usefulness in an exploit gadget. >> >> Will you MFC this to stable/11? > > Mitigations and related MFC's and SA's, etc for vulnerabilities, are > presumably all being coordinated and handled by secteam, with associated > (explicit) messaging when fixes don't apply to particular > branches/versions, no? Embargoed patches to address specific security vulnerabilities are handled by secteam, and are committed to all branches simultaneously. For cases like this, where it's a mitigation or other improvement that is already committed to CURRENT, it's best if the domain expert / original committer handles the merge. That said, I'm happy to take care of the merge if desired.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2BDhHrW7bPA-GM2zhRa3=EfRJgvYdxmXRCaunyRjeFXog>