Re: [Xen-devel] Livepatching and Xen Security

2017-05-22 Thread Konrad Rzeszutek Wilk
> > 1. Having tested live-patching thoroughly for at least some version of
> > the codebase
> >
> > 2. Having tested live-patching for one of the Xen 4.9 RCs.
> >
> > Thoughts?
>
> As a statement of what XenServer is doing:

As a statement of what Oracle is doing. We have been using livepatching

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Ian Jackson
Andrew Cooper writes ("Re: [Xen-devel] Livepatching and Xen Security"):
> livepatching doesn't use libelf.
>
> It is a new ELF parsing implementation.

I don't think we care very much about bugs in the livepatching elf parser. The livepatches are all completely trus

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Andrew Cooper
On 19/05/17 15:32, Wei Liu wrote:
> On Thu, May 18, 2017 at 08:07:00PM +0100, Andrew Cooper wrote:
>> I would ask however how confident we are that there are no ELF parsing
>> bugs in the code? I think it might be very prudent to try and build a
>> userspace harness for it and let ALF have a go.
>

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Wei Liu
On Thu, May 18, 2017 at 08:07:00PM +0100, Andrew Cooper wrote:
> I would ask however how confident we are that there are no ELF parsing
> bugs in the code? I think it might be very prudent to try and build a
> userspace harness for it and let ALF have a go.
>

There is already a fuzzing harness i

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Andrew Cooper
On 18/05/17 17:40, George Dunlap wrote:
> There are four general areas I think there may be bugs.
>
> ## Unprivileged access to Livepatching hypercalls
>
> ## Bugs in the patch creation tools which create patches with vulnerabilities
>
> ## Bugs in the patch-application code such that vulnerabiliti

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Lars Kurth
On 18/05/2017 17:53, "Ian Jackson" wrote:
>George Dunlap writes ("Livepatching and Xen Security"):
>> # Executive summary
>
>I am completely in agreement with your analysis and your conclusions.

Me too. I am not sure though whether we need a vote or lazy consensus. For Credit2 (see https://l

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Ian Jackson
George Dunlap writes ("Livepatching and Xen Security"):
> # Executive summary

I am completely in agreement with your analysis and your conclusions.

Ian.