
Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg



Andrew Cooper writes ("Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg"):
> On 23/07/2021 05:47, Scott Davis wrote:
...
> >          ret = libxl_flask_context_to_sid(ctx, s, strlen(s),
> >                                           
> > &d_config->b_info.device_model_ssidref);
> > +        if (ret) {
> > +            if (errno == ENOSYS) {
> > +                LOGD(WARN, domid,
> > +                     "XSM Disabled: device_model_stubdomain_init_seclabel 
> > not supported");
> > +                ret = 0;
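
Review bot: The `errno == ENOSYS` branch fails open. After the warning it sets `ret = 0`, so a config that explicitly sets device_model_stubdomain_init_seclabel proceeds with the label unapplied and only a WARN-level log line to show for it. Suggest leaving `ret` nonzero and logging at ERROR in this branch so that a label that was asked for is either applied or the operation fails. If configs that carry labels must still work on a hypervisor without XSM, that should be an explicit opt-in rather than the default, and the same change would then be needed at the other call sites that use this pattern.
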
> 
> Surely this wants to be a hard error?
> 
> Not specifying a label is one thing, but specifying a label and having
> it not take effect because code was compiled out of the hypervisor
> sounds like a security hole.
> 
> I see this is a pattern copied from elsewhere, but it seems very
> short-sighted.

I wonder if this is to try to make it possible to boot a system whose
config specifies XSM labels but with XSM disabled.

Marek, or someone, can you advise?

My initial thoughts are to agree with Andrew that ignoring this error
seems to me to be a bad plan, but maybe there is a good reason.

If we do want to improve this, maybe we need to update all the
corresponding call sites.

Thanks,
Ian.



 

