From: Tycho Nightingale
Date: Fri, 9 Mar 2018 09:36:40 -0500
Subject: Re: svn commit: r328011 - in head/sys/amd64/vmm: amd intel
Cc: Kubilay Kocak, FreeBSD Security Team, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers
To: Ed Maste

> On Mar 9, 2018, at 9:26 AM, Ed Maste wrote:
>
> On 8 March 2018 at 21:57, Kubilay Kocak wrote:
>> On 9/03/2018 8:57 am, Ed Maste wrote:
>>> On 15 January 2018 at 13:37, Tycho Nightingale wrote:
>>>> Author: tychon
>>>> Date: Mon Jan 15 18:37:03 2018
>>>> New Revision: 328011
>>>> URL: https://svnweb.freebsd.org/changeset/base/328011
>>>>
>>>> Log:
>>>> Provide some mitigation against CVE-2017-5715 by clearing registers
>>>> upon returning from the guest which aren't immediately clobbered by
>>>> the host. This eradicates any remaining guest contents limiting their
>>>> usefulness in an exploit gadget.
>>>
>>> Will you MFC this to stable/11?
>>
>> Mitigations and related MFC's and SA's, etc for vulnerabilities, are
>> presumably all being coordinated and handled by secteam, with associated
>> (explicit) messaging when fixes don't apply to particular
>> branches/versions, no?
>
> Embargoed patches to address specific security vulnerabilities are
> handled by secteam, and are committed to all branches simultaneously.
>
> For cases like this, where it's a mitigation or other improvement that
> is already committed to CURRENT, it's best if the domain expert /
> original committer handles the merge. That said, I'm happy to take
> care of the merge if desired.

No worries, I will merge this and r329162 too.

Tycho