WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Fri, 5 Oct 2007 03:10:35 +0100
Cc: Steven Timm <timm@xxxxxxxx>, "Fajar A. Nugraha" <fajar@xxxxxxxxxxxxx>
Delivery-date: Thu, 04 Oct 2007 19:11:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.64L.0710032041410.22924@xxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <Pine.LNX.4.64.0710011215020.7452@xxxxxxxxxxxxxxxxx> <47044266.2080504@xxxxxxxxxxxxx> <Pine.LNX.4.64L.0710032041410.22924@xxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6

> I guess what I am really trying to get at is the following:
> What, if anything, of the Xen code base is built into
> the kernel rpms that redhat 5 and friends distribute as kernel-xen
> (for instance, kernel-xen-2.6.18-8.1.14.el5, just released
> to patch the vulnerability that started this thread).
> Is there anything that's version specific?  Is there anything
> that ties it to xen 3.0.3?  How can I look at the kernel config
> files and tell the difference, if necessary?

For a long time, Xen, dom0's kernel and the dom0 tools had to be compiled from 
the same source tree in order to work together.  Some time after Xen 3.0.3, 
(the 3.0.4 release if I recall correctly) the dom0 kernel was decoupled from 
this, so that from that point on you could use any released dom0 kernel with 
any subsequent version of Xen and the tools.  However, you will not 
necessarily get full functionality unless you use a new enough dom0 kernel.

In short: that kernel probably needs to be matched with a 3.0.3 Xen and tools 
in order for things to work properly.

> I went and got the kernels from xensource that were compiled with
> xen 3.1.0 because people on this list told me that this was required
> to do what I wanted to do, namely 64bit dom0 plus 32bit PAE domU's.

I think that was probably me :-)

> I understand that a xen 3.0.3-compiled kernel could be a domU in this
> setup but not a dom0.  Is this understanding wrong?

It definitely couldn't be a dom0.

Actually, a 3.0.3 kernel quite possibly wouldn't boot in 32-bit mode on a 
64-bit Xen from the 3.1 release.  That's because of a fix that hadn't yet 
been pushed at release time - when 3.1 came out, your 32-bit compat mode 
kernel needed to be a recent one or it wouldn't work.  The compatibility for 
older kernels was added later, so it'll be in xen-unstable and I guess it'll 
probably be in 3.1.1.

Sorry for getting bogged down in a confusing sea of version numbers here.  
It's partly because the interfaces keep changing, and because which 
interfaces can change is also changing :-)

I'm not sure I'm in a very good state to be coherent, so I'll stop here.  If I 
don't make sense, please ask more questions.

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicycle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users