On 12/9/2022 2:42 PM, Alex Williamson wrote: > On Fri, 9 Dec 2022 13:40:29 -0500 > Steven Sistare <steven.sistare@xxxxxxxxxx> wrote: > >> On 12/8/2022 11:40 AM, Alex Williamson wrote: >>> On Thu, 8 Dec 2022 07:56:30 +0000 >>> "Tian, Kevin" <kevin.tian@xxxxxxxxx> wrote: >>> >>>>> From: Alex Williamson <alex.williamson@xxxxxxxxxx> >>>>> Sent: Thursday, December 8, 2022 5:45 AM >>>>> >>>>> Fix several loose ends relative to reverting support for vaddr removal >>>>> and update. Mark feature and ioctl flags as deprecated, restore local >>>>> variable scope in pin pages, remove remaining support in the mapping >>>>> code. >>>>> >>>>> Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx> >>>>> --- >>>>> >>>>> This applies on top of Steve's patch[1] to fully remove and deprecate >>>>> this feature in the short term, following the same methodology we used >>>>> for the v1 migration interface removal. The intention would be to pick >>>>> Steve's patch and this follow-on for v6.2 given that existing support >>>>> exposes vulnerabilities and no known upstream userspaces make use of >>>>> this feature. >>>>> >>>>> [1]https://lore.kernel.org/all/1670363753-249738-2-git-send-email- >>>>> steven.sistare@xxxxxxxxxx/ >>>>> >>>> >>>> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx> >>>> >>>> btw given the exposure and no known upstream usage should this be >>>> also pushed to stable kernels? >>> >>> I'll add to both: >>> >>> Cc: stable@xxxxxxxxxxxxxxx # v5.12+ >> >> We maintain and use a version of qemu that contains the live update patches, >> and requires these kernel interfaces. Other companies are also experimenting >> with it. Please do not remove it from stable. > > The interface has been determined to have vulnerabilities and the > proposal to resolve those vulnerabilities is to implement a new API. > If we think it's worthwhile to remove the existing, vulnerable interface > in the current kernel, what makes it safe to keep it for stable kernels? I do not think it's worth while, but I have stopped fighting for 6.2. > Existing users that could choose not to accept the revert in their > downstream kernel and allowing users evaluating the interface more time > before they know it's been removed upstream, are not terribly > compelling reasons to keep it in upstream stable kernels. Thanks, The compelling reason is that stable is supposed to be stable and maintain existing interfaces, and now I will need to re-merge the interfaces at regular intervals when we update UEK from stable. Oracle is a current user of these interfaces in our business. Do we count? - Steve
