
Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg


  • To: Scott Davis <scottwd@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 27 Jul 2021 12:45:28 +0100
  • Cc: Scott Davis <scott.davis@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Nick Rosbrook <rosbrookn@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "Daniel P . Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 27 Jul 2021 11:45:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23/07/2021 05:47, Scott Davis wrote:
> diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
> index e356b2106d..a12da5531d 100644
> --- a/tools/libs/light/libxl_create.c
> +++ b/tools/libs/light/libxl_create.c
> @@ -1060,13 +1060,31 @@ int libxl__domain_config_setdefault(libxl__gc *gc,
>          char *s = d_config->b_info.device_model_ssid_label;
>          ret = libxl_flask_context_to_sid(ctx, s, strlen(s),
>                                           
> &d_config->b_info.device_model_ssidref);
> +        if (ret) {
> +            if (errno == ENOSYS) {
> +                LOGD(WARN, domid,
> +                     "XSM Disabled: device_model_stubdomain_init_seclabel 
> not supported");
> +                ret = 0;
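Review bot: on the ENOSYS branch `ret = 0;` turns a configured device_model_stubdomain_init_seclabel into a warning and lets domain creation proceed with the stub domain unlabelled whenever FLASK is compiled out of the hypervisor, so the isolation the operator explicitly asked for silently does not apply. Keep the failure instead of downgrading it: drop `ret = 0;` and log at ERROR level, e.g. `LOGD(ERROR, domid, "XSM disabled: cannot apply device_model_stubdomain_init_seclabel");`, so that an explicitly set label either takes effect or fails the operation, and only an unset label proceeds without a sid.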

Surely this wants to be a hard error?

Not specifying a label is one thing, but specifying a label and having
it not take effect because code was compiled out of the hypervisor
sounds like a security hole.

I see this is a pattern copied from elsewhere, but it seems very
short-sighted.

~Andrew
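The fail-open versus fail-closed behaviour discussed above, as an added example that is not part of the original mail and is not libxl or Xen code: `mock_context_to_sid()` stands in for `libxl_flask_context_to_sid()` and reports ENOSYS when the simulated hypervisor has FLASK compiled out, `set_label_fail_open()` mirrors the warn-and-continue pattern of the quoted hunk, and `set_label_fail_closed()` refuses to proceed when a requested label cannot be applied. All function names, the `xsm_available` flag, the sid values and the sample FLASK context string are assumptions constructed for the demo.

```c
/* Added example, not libxl/Xen code: contrasts the warn-and-continue
 * handling of an explicit stub domain security label (as in the quoted
 * hunk) with a fail-closed variant.  All names here are assumptions;
 * mock_context_to_sid() stands in for libxl_flask_context_to_sid(). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulates whether the hypervisor was built with XSM/FLASK. */
static int xsm_available = 1;

/* Stand-in for the label -> sid lookup.  With FLASK compiled out the real
 * hypercall fails with errno == ENOSYS; here that is modelled directly.
 * The sid value is constructed for the demo and carries no meaning. */
static int mock_context_to_sid(const char *context, uint32_t *sidref)
{
    if (!xsm_available) {
        errno = ENOSYS;
        return -1;
    }
    if (context == NULL || *context == '\0') {
        errno = EINVAL;
        return -1;
    }
    *sidref = 0x1000u + (uint32_t)strlen(context);
    return 0;
}

/* Pattern from the quoted hunk: ENOSYS is downgraded to a warning and the
 * caller proceeds as if no label had been configured (fails open). */
static int set_label_fail_open(const char *label, uint32_t *sidref)
{
    if (label == NULL)
        return 0;                 /* nothing requested, nothing to apply */
    if (mock_context_to_sid(label, sidref) == 0)
        return 0;
    if (errno == ENOSYS) {
        fprintf(stderr, "warning: XSM disabled, label '%s' not applied\n", label);
        return 0;                 /* domain goes on to be created unlabelled */
    }
    return -1;
}

/* Fail closed: a label the operator asked for either takes effect or the
 * operation fails; only the "no label" case proceeds without a sid. */
static int set_label_fail_closed(const char *label, uint32_t *sidref)
{
    if (label == NULL)
        return 0;
    if (mock_context_to_sid(label, sidref) == 0)
        return 0;
    if (errno == ENOSYS)
        fprintf(stderr, "error: XSM disabled, cannot apply label '%s'\n", label);
    else
        fprintf(stderr, "error: invalid label '%s'\n", label);
    return -1;
}

/* Scenario runners: set XSM availability, apply a label, return the result
 * code (and the resolved sid through *sid_out when non-NULL). */
static int run_fail_open(int xsm_on, const char *label, uint32_t *sid_out)
{
    uint32_t sid = 0;
    xsm_available = xsm_on;
    int rc = set_label_fail_open(label, &sid);
    if (sid_out)
        *sid_out = sid;
    return rc;
}

static int run_fail_closed(int xsm_on, const char *label, uint32_t *sid_out)
{
    uint32_t sid = 0;
    xsm_available = xsm_on;
    int rc = set_label_fail_closed(label, &sid);
    if (sid_out)
        *sid_out = sid;
    return rc;
}

int main(void)
{
    /* Constructed sample context in FLASK syntax; not taken from a policy. */
    const char *label = "system_u:system_r:dm_dom_t";
    printf("XSM off, fail-open:   rc=%d\n", run_fail_open(0, label, NULL));
    printf("XSM off, fail-closed: rc=%d\n", run_fail_closed(0, label, NULL));
    printf("XSM on,  fail-closed: rc=%d\n", run_fail_closed(1, label, NULL));
    return 0;
}
```

The only difference between the two variants is what happens on ENOSYS with a non-NULL label: the fail-open version returns success with the sid left untouched, which is exactly the case where a label was specified but has no effect; the fail-closed version makes that an error while leaving the unlabelled configuration (label == NULL) unaffected.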
