Hi Greg,

could you please add the following upstream patches to the stable 5.10 kernel (I'll send separate mails for the older stable kernels as some of the patches don't apply for those)? They are hardening Xen PV frontends against attacks from related backends.

Qubes-OS has asked for those patches to be added to stable, too.

629a5d87e26fe96b ("xen: sync include/xen/interface/io/ring.h with Xen's newest version")
71b66243f9898d0e ("xen/blkfront: read response from backend only once")
8f5a695d99000fc3 ("xen/blkfront: don't take local copy of a request from the ring page")
b94e4b147fd1992a ("xen/blkfront: don't trust the backend response data blindly")
8446066bf8c1f9f7 ("xen/netfront: read response from backend only once")
162081ec33c2686a ("xen/netfront: don't read data from request on the ring page")
21631d2d741a64a0 ("xen/netfront: disentangle tx_skb_freelist")
a884daa61a7d9165 ("xen/netfront: don't trust the backend response data blindly")
e679004dec37566f ("tty: hvc: replace BUG_ON() with negative return value")

Thanks,
Juergen
