Xen project Mailing List

Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests

From: George Dunlap <George.Dunlap@xxxxxxxxxx>

Date: Sat, 11 Jan 2020 09:02:39 +0000

Accept-language: en-GB, en-US

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=George.Dunlap@xxxxxxxxxx; spf=Pass smtp.mailfrom=George.Dunlap@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Delivery-date: Sat, 11 Jan 2020 09:02:51 +0000

Ironport-sdr: fYWwIfM+gd9BCrjnBFGGhApNzLzknF3STVSe3jJJdn1eV6IcU1MHT0U+fC+v0Ro88hqryKtcu7 M0AP7Zn9WSeP33+uOUr/8pcUK0eceZObGYaLl/vpVOSsIut7kDwHBQK5ZtiyIwu87+nz7ZrctU 08WFlDCBCruTCUXJYEOnhI1UBV/5Yqd8jZ7NEkM7zObikZi1jQmEA8F7QqxX0HeXcCvPtMIc1b ZDBWXGH3jxT9lGM7fAVq2IZZgwCGCvDlblj6qbm+XqfxhDxHz+3jsUls0qObhAEJecBP5kJjyv 1yU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVx6H06GanjEQbAUmN87QxqbsgEKfkx7wAgABT/IA=

Thread-topic: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests

> On Jan 11, 2020, at 4:02 AM, Doug Goldstein <cardoe@xxxxxxxxxx> wrote: > > > > On 1/10/20 4:37 AM, Sergey Dyasli wrote: >> Hide the following information that can help identify the running Xen >> binary version: XENVER_extraversion, XENVER_compile_info, XENVER_changeset. >> Add explicit cases for XENVER_commandline and XENVER_build_id as well. >> Introduce xsm_filter_denied() to hvmloader to remove "<denied>" string >> from guest's DMI tables that otherwise would be shown in tools like >> dmidecode. >> Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx> >> --- >> v1 --> v2: >> - Added xsm_filter_denied() to hvmloader instead of modifying xen_deny() > > So 100% this version of the patch won't fly with the various downstreams that > run the v1 of this patch. Those various consumers will stick with v1. > > If the goal of this is to reduce the burden of the downstreams and their > customers to carry a patch against Xen then I wouldn't even bother with this > version. If the goal is to come up with a solution that works for everyone, it would be helpful if you said *why* “various consumers” would find this patch unacceptable; and also what they might think about the alternate solutions proposed (and why). -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.