
Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests





On 13/01/2020 14:07, George Dunlap wrote:
> On 1/13/20 2:01 PM, Andrew Cooper wrote:
>> On 13/01/2020 13:39, Julien Grall wrote:
>>> Hi George,
>>>
>>> Thank you for summarising the possibility. One question below.
>>>
>>> On 13/01/2020 12:51, George Dunlap wrote:
>>>> 2. Block XENVER_extraversion at the hypervisor level.  Leave xen_deny()
>>>> as returning "<denied>", but replace "<denied>" with "" in hvmloader so
>>>> it doesn't show up in the System Info and scare users.
>>>>
>>>> 3. Block XENVER_extraversion at the hypervisor level.  Change xen_deny()
>>>> to return a more benign string like "<hidden>".  (Perhaps also filter it
>>>> in hvmloader, just for good measure.)
>>>
>>> My knowledge of live migration on x86 is a bit limited, but if I
>>> understand correctly those two options would require a guest to reboot
>>> in order to pick up the changes. Am I correct?
>>
>> Not in the slightest.  The content returned changes whenever the
>> hypervisor changes.
>
> I guess Julien is talking about the filtering done in hvmloader.  That
> filtering is about what's in the guest's ACPI tables; and *that* happens
> only once at guest boot; so whatever the scary message is in the Windows
> System Information page (or wherever it is) would stay there until the
> guest reboots, regardless of which option we go with.

Yes, I was speaking about the filtering done in hvmloader. Thank you both for the explanation.

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

