Re: [oss-security] Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
On Tue, Sep 26, 2023 at 09:59:19PM -0400, Demi Marie Obenour wrote:
> These detailed security advisories are one of the things I love about Xen. It's hard to trust a hypervisor (KVM) that will not issue them, for then one has no way to know if a particular problem got fixed.
I concur. I'd appreciate security advisories from the KVM project.
> I'm CCing KVM here to make sure they have a fix. From their Git commit history, I am almost certain that seL4 does not. I'm CCing the seL4 developers to alert them of this and suggest that the x86 port be removed or at least have a big warning.
I strongly oppose removal of a port/support for a certain architecture just because some implementations of it are/were problematic. Adding a warning is fine.

Alexander

P.S. Demi Marie, please note that oss-security list content guidelines explicitly discourage CC'ing other lists(*), and Xen advisories are already stretching this. In this reply, I am still CC'ing many of what you had CC'ed as I am following up on your specific points relevant to those lists, but in general let's be more careful about this.

(*) Because we may then get off-topic follow-ups from there, especially if CC'ing project user lists or high-volume lists like LKML. In this specific case, we're lucky so far.
participants (1)
- Solar Designer