[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] XSA-77: widen scope again



As discussed on the hackathon, avoid us having to issue security
advisories for issues affecting only heavily disaggregated tool stack
setups, which no-one appears to use (or else they should step up to get
things into shape).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
As we want to retain supported status of stubdom qemu: Does qemu use
any others when use in a stub domain?

--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -59,68 +59,16 @@ http://www.xenproject.org/security-polic 
 
 __HYPERVISOR_domctl (xen/include/public/domctl.h)
 
- The following subops are covered by this statement. subops not listed
- here are considered safe for disaggregation.
+ All subops except for the following are covered by this statement.
 
- * XEN_DOMCTL_createdomain
- * XEN_DOMCTL_destroydomain
- * XEN_DOMCTL_getmemlist
- * XEN_DOMCTL_setvcpuaffinity
- * XEN_DOMCTL_shadow_op
- * XEN_DOMCTL_max_mem
- * XEN_DOMCTL_setvcpucontext
- * XEN_DOMCTL_getvcpucontext
- * XEN_DOMCTL_max_vcpus
- * XEN_DOMCTL_scheduler_op
- * XEN_DOMCTL_iomem_permission
- * XEN_DOMCTL_gethvmcontext
- * XEN_DOMCTL_sethvmcontext
- * XEN_DOMCTL_set_address_size
- * XEN_DOMCTL_assign_device
- * XEN_DOMCTL_pin_mem_cacheattr
- * XEN_DOMCTL_set_ext_vcpucontext
- * XEN_DOMCTL_get_ext_vcpucontext
- * XEN_DOMCTL_test_assign_device
- * XEN_DOMCTL_set_target
- * XEN_DOMCTL_deassign_device
- * XEN_DOMCTL_get_device_group
- * XEN_DOMCTL_set_machine_address_size
- * XEN_DOMCTL_debug_op
- * XEN_DOMCTL_gethvmcontext_partial
- * XEN_DOMCTL_vm_event_op
- * XEN_DOMCTL_mem_sharing_op
- * XEN_DOMCTL_setvcpuextstate
- * XEN_DOMCTL_getvcpuextstate
- * XEN_DOMCTL_set_access_required
- * XEN_DOMCTL_set_virq_handler
- * XEN_DOMCTL_set_broken_page_p2m
- * XEN_DOMCTL_setnodeaffinity
- * XEN_DOMCTL_gdbsx_guestmemio
+ * XEN_DOMCTL_ioport_mapping
+ * XEN_DOMCTL_memory_mapping
+ * XEN_DOMCTL_bind_pt_irq
+ * XEN_DOMCTL_unbind_pt_irq
 
 __HYPERVISOR_sysctl (xen/include/public/sysctl.h)
 
- The following subops are covered by this statement. subops not listed
- here are considered safe for disaggregation.
-
- * XEN_SYSCTL_readconsole
- * XEN_SYSCTL_tbuf_op
- * XEN_SYSCTL_physinfo
- * XEN_SYSCTL_sched_id
- * XEN_SYSCTL_perfc_op
- * XEN_SYSCTL_getdomaininfolist
- * XEN_SYSCTL_debug_keys
- * XEN_SYSCTL_getcpuinfo
- * XEN_SYSCTL_availheap
- * XEN_SYSCTL_get_pmstat
- * XEN_SYSCTL_cpu_hotplug
- * XEN_SYSCTL_pm_op
- * XEN_SYSCTL_page_offline_op
- * XEN_SYSCTL_lockprof_op
- * XEN_SYSCTL_cputopoinfo
- * XEN_SYSCTL_numainfo
- * XEN_SYSCTL_cpupool_op
- * XEN_SYSCTL_scheduler_op
- * XEN_SYSCTL_coverage_op
+ All subops are covered by this statement.
 
 __HYPERVISOR_memory_op (xen/include/public/memory.h)
 



Attachment: xsa77-addendum.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.