Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string

2020-01-20 Thread Durrant, Paul
> -----Original Message-----
> From: Xen-devel  On Behalf Of Jan
> Beulich
> Sent: 20 January 2020 09:51
> To: Sergey Dyasli 
> Cc: Stefano Stabellini ; Julien Grall
> ; Wei Liu ; Konrad Rzeszutek Wilk
> ; George Dunlap ;
> Andrew Cooper ; Doug Goldstein
> ; xen-de...@lists.xen.org; Daniel De Graaf
> ; Ian Jackson 
> Subject: Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied
> string
> 
> On 17.01.2020 17:44, Sergey Dyasli wrote:
> > Signed-off-by: Sergey Dyasli 
> 
> In principle
> Acked-by: Jan Beulich 
> 
> But I think it would be nice to have a non-empty description, at
> least to reason why the option addition is deemed useful.
> 
> > --- a/xen/common/Kconfig
> > +++ b/xen/common/Kconfig
> > @@ -236,6 +236,14 @@ choice
> > bool "SILO" if XSM_SILO
> >  endchoice
> >
> > +config XSM_DENIED_STRING
> > +   string "xen_version denied string"
> 
> I guess inserting "hypercall" into this prompt would set better
> context without needing to resort to the help text, i.e.
> "xen_version hypercall denied string". Thoughts?
>

"xen_version hypercall denied information replacement string"?

It's not like the hypercall as a whole is being denied, after all.

  Paul

 
> Jan
> 
> ___
> Xen-devel mailing list
> Xen-devel@lists.xenproject.org
> https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string

2020-01-20 Thread Jan Beulich
On 17.01.2020 17:44, Sergey Dyasli wrote:
> Signed-off-by: Sergey Dyasli 

In principle
Acked-by: Jan Beulich 

But I think it would be nice to have a non-empty description, at
least to reason why the option addition is deemed useful.

> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -236,6 +236,14 @@ choice
>   bool "SILO" if XSM_SILO
>  endchoice
>  
> +config XSM_DENIED_STRING
> + string "xen_version denied string"

I guess inserting "hypercall" into this prompt would set better
context without needing to resort to the help text, i.e.
"xen_version hypercall denied string". Thoughts?

Jan


[Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string

2020-01-17 Thread Sergey Dyasli
Signed-off-by: Sergey Dyasli 
---
v2 --> v3:
- new patch

CC: Andrew Cooper 
CC: George Dunlap 
CC: Ian Jackson 
CC: Jan Beulich 
CC: Julien Grall 
CC: Konrad Rzeszutek Wilk 
CC: Stefano Stabellini 
CC: Wei Liu 
CC: Daniel De Graaf 
CC: Doug Goldstein 
---
 xen/common/Kconfig   | 8 
 xen/common/version.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index b3d161d057..f0a3f0da0f 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -236,6 +236,14 @@ choice
bool "SILO" if XSM_SILO
 endchoice
 
+config XSM_DENIED_STRING
+   string "xen_version denied string"
+   default ""
+   depends on XSM
+   ---help---
+ A string which substitutes sensitive information returned via
+ xen_version hypercall to non-privileged guests
+
 config LATE_HWDOM
bool "Dedicated hardware domain"
default n
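
Review bot: In the help text of `config XSM_DENIED_STRING`, "sensitive information" is left undefined, so someone setting the option cannot tell which xen_version results are replaced for non-privileged guests. Name the affected fields in the help text, state that the default `""` keeps what `xen_deny()` returned before this patch, and end the sentence with a full stop.
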
diff --git a/xen/common/version.c b/xen/common/version.c
index 937eb1281c..14b205af48 100644
--- a/xen/common/version.c
+++ b/xen/common/version.c
@@ -67,7 +67,7 @@ const char *xen_banner(void)
 
 const char *xen_deny(void)
 {
-return "";
+return CONFIG_XSM_DENIED_STRING;
 }
 
 static const void *build_id_p __read_mostly;
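
Review bot: `return CONFIG_XSM_DENIED_STRING;` in `xen_deny()` is unconditional, while the Kconfig hunk gives the symbol `depends on XSM`, so in a build with XSM disabled the macro is not generated and this line has nothing to expand to. Either drop the `depends on XSM` line so the string is always defined, or keep a fallback return value here under `#ifndef CONFIG_XSM_DENIED_STRING`.
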
-- 
2.17.1

