Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string
> -----Original Message-----
> From: Xen-devel On Behalf Of Jan Beulich
> Sent: 20 January 2020 09:51
> To: Sergey Dyasli
> Cc: Stefano Stabellini; Julien Grall; Wei Liu; Konrad Rzeszutek Wilk;
> George Dunlap; Andrew Cooper; Doug Goldstein; xen-de...@lists.xen.org;
> Daniel De Graaf; Ian Jackson
> Subject: Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied
> string
>
> On 17.01.2020 17:44, Sergey Dyasli wrote:
> > Signed-off-by: Sergey Dyasli
>
> In principle
> Acked-by: Jan Beulich
>
> But I think it would be nice to have a non-empty description, at
> least to reason why the option addition is deemed useful.
>
> > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -236,6 +236,14 @@ choice > > bool "SILO" if XSM_SILO > > endchoice > > > > +config XSM_DENIED_STRING > > + string "xen_version denied string"
>
> I guess inserting "hypercall" into this prompt would set better
> context without needing to resort to the help text, i.e.
> "xen_version hypercall denied string". Thoughts?
>

"xen_version hypercall denied information replacement string"? It's not like the hypercall as a whole is being denied, after all.

Paul

> Jan
>
> ___
> Xen-devel mailing list
> Xen-devel@lists.xenproject.org
> https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string
On 17.01.2020 17:44, Sergey Dyasli wrote:
> Signed-off-by: Sergey Dyasli

In principle
Acked-by: Jan Beulich

But I think it would be nice to have a non-empty description, at least to reason why the option addition is deemed useful.

> --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -236,6 +236,14 @@ choice > bool "SILO" if XSM_SILO > endchoice > > +config XSM_DENIED_STRING > + string "xen_version denied string"

I guess inserting "hypercall" into this prompt would set better context without needing to resort to the help text, i.e. "xen_version hypercall denied string". Thoughts?

Jan
[Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string
Signed-off-by: Sergey Dyasli --- v2 --> v3: - new patch CC: Andrew Cooper CC: George Dunlap CC: Ian Jackson CC: Jan Beulich CC: Julien Grall CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: Wei Liu CC: Daniel De Graaf CC: Doug Goldstein --- xen/common/Kconfig | 8 xen/common/version.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index b3d161d057..f0a3f0da0f 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -236,6 +236,14 @@ choice bool "SILO" if XSM_SILO endchoice +config XSM_DENIED_STRING + string "xen_version denied string" + default "" + depends on XSM + ---help--- + A string which substitutes sensitive information returned via + xen_version hypercall to non-privileged guests + config LATE_HWDOM bool "Dedicated hardware domain" default n diff --git a/xen/common/version.c b/xen/common/version.c index 937eb1281c..14b205af48 100644 --- a/xen/common/version.c +++ b/xen/common/version.c @@ -67,7 +67,7 @@ const char *xen_banner(void) const char *xen_deny(void) { -return ""; +return CONFIG_XSM_DENIED_STRING; } static const void *build_id_p __read_mostly; -- 2.17.1 ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
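Review bot: The help text of the new XSM_DENIED_STRING entry in xen/common/Kconfig does not say which xen_version information is replaced or whether the string has a length limit, and the prompt "xen_version denied string" gives no hint that it concerns the hypercall. Suggest naming the affected fields in the help text, stating any maximum length the callers of xen_deny() can hold, ending the sentence with a full stop, and noting that the default reproduces the string returned before this patch so existing guests see no change.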
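Review bot: In xen_deny() in xen/common/version.c the return value now comes from CONFIG_XSM_DENIED_STRING, but the Kconfig entry carries "depends on XSM" and nothing in this hunk shows xen_deny() being compiled only when XSM is enabled. Kconfig does not emit a string symbol whose dependencies are unmet, so a build without XSM would have no definition for the macro. Either drop the dependency so the symbol always exists, or guard the use here and keep the previous literal as the fallback.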