[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg

Andrew Cooper writes ("Re: [XEN PATCH] tools/xl: Add 
device_model_stubdomain_init_seclabel option to xl.cfg"):
> On 23/07/2021 05:47, Scott Davis wrote:
> >          ret = libxl_flask_context_to_sid(ctx, s, strlen(s),
> >                                           
> > &d_config->b_info.device_model_ssidref);
> > +        if (ret) {
> > +            if (errno == ENOSYS) {
> > +                LOGD(WARN, domid,
> > +                     "XSM Disabled: device_model_stubdomain_init_seclabel 
> > not supported");
> > +                ret = 0;
> Surely this wants to be a hard error?
> Not specifying a label is one thing, but specifying a label and having
> it not take effect because code was compiled out of the hypervisor
> sounds like a security hole.
> I see this is a pattern copied from elsewhere, but it seems very short
> signed.

I wonder if this is to try to make it possible to boot a system whose
config specifies XSM labels but with XSM disabled.

Marek, or someone, can you advise ?

My initial thoughts are to agree with Andrew that ignoring this error
seems to me to be a bad plan, but maybe there is a good reason.

If we do want to improve this, maybe we need to update all the
corresponding call sites.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.