On 03/16/2016, 10:25 AM, Jan Beulich wrote: > Hello, > > it's been puzzling me for a while that these fixes, despite having the > necessary Cc, did not make it into (at least) 4.1.y and 3.12.y yet. > Unless there's a specific reason, may I ask for inclusion of > > CVE-2015-8550 / XSA-155: > > 454d5d882c xen: Add RING_COPY_REQUEST() > 0f589967a7 xen-netback: don't use last request to determine minimum Tx credit Applied these two to 3.12. W/ slight update of the latter. > 68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout This does not apply cleanly and needs a backport. So I stopped here. > 1f13d75ccb xen-blkback: only read request operation from shared ring once > 1877914910 xen-blkback: read from indirect descriptors only once > be69746ec1 xen-scsiback: safely copy requests > 8135cf8b092 xen/pciback: Save xen_pci_op commands before processing it > > plus the follow-up fix > > d159457b84 xen/pciback: Save the number of MSI-X entries to be copied later. > CVE-2015-8551, CVE-2015-8552 / XSA-157: The fixes for this one applied all cleanly, applied to 3.12. > 56441f3c8e xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled > 5e0ce1455c xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled > a396f3a210 xen/pciback: Do not install an IRQ handler for MSI interrupts. > 7cfb905b96 xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. > 408fb0e5aa xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set. > > plus the follow-up fix > > 8d47065f7d xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY thanks, -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html