|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests
On 13/01/2020 14:07, George Dunlap wrote: On 1/13/20 2:01 PM, Andrew Cooper wrote:On 13/01/2020 13:39, Julien Grall wrote:Hi George, Thank you for summarising the possibility. One question below. On 13/01/2020 12:51, George Dunlap wrote:2. Block XENVER_extraversion at the hypervisor level. Leave xen_deny() as returning "<denied>", but replace "<denied>" with "" in hvmloader so it doesn't show up in the System Info and scare users. 3. Block XENVER_extraversion at the hypervisor level. Change xen_deny() to return a more benign string like "<hidden>". (Perhaps also filter it in hvmloader, just for good measure.)My knowledge of live migration on x86 is a bit limited, but if I understand correctly those two options would require a guest to reboot in order to pick up the changes. Am I correct?Not in the slightest. The content returned changes whenever the hypervisor changes.I guess Julien is talking about the filtering done in hvmloader. That filtering is about what's in the guest's ACPI tables; and *that* happens only once at guest boot; so whatever the scary message is in the Windows System Information page (or wherever it is) would stay there until the guest reboots, regardless of which option we go with. Yes, I was speaking about the filtering done in hvmloader. Thank you both for the explanation. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |