[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] xsm: hide detailed Xen version from unprivileged guests

Hide the following information that can help identify the running Xen
binary version:


Return a more customer friendly empty string instead of "<denied>"
which would be shown in tools like dmidecode.

But allow guests to see this information in Debug builds of Xen.

Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
CC: Jan Beulich <jbeulich@xxxxxxxx>
CC: Julien Grall <julien@xxxxxxx>
CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
 xen/common/version.c    |  2 +-
 xen/include/xsm/dummy.h | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/xen/common/version.c b/xen/common/version.c
index 937eb1281c..cc621ab76a 100644
--- a/xen/common/version.c
+++ b/xen/common/version.c
@@ -67,7 +67,7 @@ const char *xen_banner(void)
 const char *xen_deny(void)
-    return "<denied>";
+    return "";
 static const void *build_id_p __read_mostly;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index b8e185e6fa..4a1a1bf2bd 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -750,16 +750,21 @@ static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG 
uint32_t op)
     case XENVER_get_features:
         /* These sub-ops ignore the permission checks and return data. */
         return 0;
-    case XENVER_extraversion:
-    case XENVER_compile_info:
-    case XENVER_capabilities:
-    case XENVER_changeset:
     case XENVER_pagesize:
     case XENVER_guest_handle:
         /* These MUST always be accessible to any guest by default. */
         return xsm_default_action(XSM_HOOK, current->domain, NULL);
+    case XENVER_extraversion:
+    case XENVER_compile_info:
+    case XENVER_capabilities:
+    case XENVER_changeset:
+    case XENVER_commandline:
+    case XENVER_build_id:
-        return xsm_default_action(XSM_PRIV, current->domain, NULL);
+        /* Hide information from guests only in Release builds. */
+        return xsm_default_action(debug_build() ? XSM_HOOK : XSM_PRIV,
+                                  current->domain, NULL);

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.