Xen project Mailing List

[XEN PATCH stable-4.16] tools/libxl: env variable to signal whether disk/nic backend is trusted

From: Anthony PERARD <anthony.perard@xxxxxxxxxx>

Date: Fri, 29 Jul 2022 14:26:40 +0100

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Juergen Gross <jgross@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, "Roger Pau Monne" <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>

Delivery-date: Fri, 29 Jul 2022 13:26:56 +0000

Ironport-data: A9a23:dIrv+6KjlqATiKahFE//H55y3J0nRxNeGxL0ikilI80cnZWQUeEPdw9qPMoIMlI7Zkq1ybYU6pjk1CcKHzt1ght/QUK0NyA2KEpqG9lA2JNDUBPUje0YwoEHz3Ja7MxMpXWQ7QQlt0yKgMcZUAcEg5gMNkkTOfD2cQK/E294acydWC6odUkRQ/6V6RiSbpLfIHHDY9r0CF3pauzThPh+POmYyoL5TN3WsLCy6cAYIIKHz6GVwVC15dVudqtm3w1GOuFK3kxO7cBmMHg54luXFV7Ybo76rfLd8no1rUnRPXspg+z10KiapIFWAi5fHJfICtd2EfkNXlqk9PtEzfYLQWVg+OhkPAB2lHX2+aL8nJxcKBKR6GgactTX3VRAqOxZKHZrR6QVdzpFDRn/JKV1m5zIWbSP98WdJHAtfibcOUOQRl9fYwSaGfCkXvD2yrfratdekFnU0O8CHrKJX+1AKbQfV5xc5zEAPeEVo3+EzPSUXqQWmFHVq8T8Ns5NcgNJbvRJpfUFvPmszQc/UAJV2d/2lFxnOcObWMif0f+Bo4QHBzC7sStI4rDC4VnjM/MsKuJbA/tgJd1YpwnBc+wrKnSh59QAtI0O6FbZ3qK8KGmsGfYcfbZa1VuR5DdtnTcUqdxj1w9uvjGW1n92yrxiUGvwazgyzZsAaVXyvDHPRFRFL61iZx9Tht5OyOS5Z0ou74xClZpfG7QOmMCZ5RYV7SICpP8yhG38HDEb3VGQfUXoPz0FuScGyOL59fJIM9294UyjKanKbcXkKxLKsTH2U5cq4zG0YaFFbGGQm8LJ0v/XSjPAVyb4Oo6gZp8DBnbKMlNjT2nZ5wU9AgxDgqmuTzcY53xsahir7vx9ckrR+k6DoxSMEcd1WJajeSI0XOso1rTnbKLGUIGvnCcBpkxuTuWTz0Wwn8qMQ6aiGZSw20Qspq/kUOIzhsocWbx48lTc7V5hhFr7f6VeE4n3AAcmGNa/V3aqL0JO1sEfnuJrXhvUA6u8cOeQM5D4E0eCTnaLWEHJQ9mWK7VFcLtJsxrOg+0NmcXIQk+Tf7ZmSEvWqNKEqbe4RECbPbjU+NQhlQLKMX2YfRPnhS4LJZDflZP6PRy6JhfMaYwC1gO02R4F1m/7RBU+t1k+U1E2BnbmKmbclL1kwBA89KBgfypqeBKBDqumFRh4VD5l46YK/ViFQTCd/muD0MVN10D8EbPplA2K4nsivseSBLpavASwH8N9tUevErGaZtBAAffwGDH7yQGiGigkfM3ZutesCbGoVapxdD9a2idmrpG7Lt1z5h8gAMpi+DkJhetLLMO1TEmtt7CuTt79v4xKqiZsdFL1LsQ1T28BRpZm39vhyO5Xh+yJN2Hdc7EiB7BT6WWwpBqtEKniOPGrgPFL9MUtmt3Y6VK2M29wRjJ4U0yd9Pefsdxe2+bTa5R6nvxL5AkIQWFGsIx/MwYNJRI5tPLoisZvWD8wcQXF6QcyJKwzBtCpdHp3RpyknTGV0UJW1WVCjQfyr2VSmZOgdAfZbiF30KkCyhZjNVlj6GwhVRylNv43kswKnKhilLfwAsOvKd8FXKtx6mN9lj65kdA7exq9mSunpG5wNuaKRdu8aFe/UWTL9KIsc909Hko6HEUyBjB5pNEA0Z3ZQXH7sVNLJOGj5T8ryej2OmTH4IvXvdF3+lFnCxRFKZ0jU34GFlsg6FPP/2ghQy2ZeD+cl1L8vPDhbuj2haNwOfa6DfwW26tOiM4sv8sdCnaX/hg+///WiH7kz5cVNrD+xr9yKZOxKg6n9fqAYbS25A6hYaNFP9Hk80jU/2zuZeVWwlg+gk1qED15RmPSlDEgs/yZQrIxcWU6Y1JdPt9jIldkiLxfW73q2U68prKLt3pa7YP3uIzB9USu+4Z0E66vQzq81+jtTsYcbyRdqXoX0gzNFNNJcdHJ2KA6CgHZNN+IETeHnCCrLmFJe5bQI+jWpJmpORQbU7NaHyxjYNlUA9IOVUBa/2G+DjaEQaFVJYVTAw2+xHuma4lh/Pl+/34+yZkvxRnUn6CDnYvpY9rb0+FkJb2THM6I7x/SYRbBl/Zk1w/bYCzgT7oVGTxXjJICPpXalL7m5hralhYWTPFnJu7bgsL3fLGiOSoy3B3oQiQuZJ5VJ3ZkGHWswnvyC1rn/y8vv2M+LTVr21iN/IwO5r3exsI527WoTfJW/p15+IB0FshXe+ihMs+UxL+PLiBkDLBS8BncdqpGuty37+z4HJ+myPAXA78qeAAHxm0/HRwzKD4y+3pKGI4d7GWL+hQ6ceiM4jBFuCpU2ClleDCtn/sn/0/78W/IO8XPE3KhW895dGRhS8XSa/Ou97UJBV4WC1TJxWIT/+vzEVFwkUHtW4bgH45soEDTBbZrVAtGW7qe3ycGbH7bdWFGZYTAJmbu3AH1pN2gAMRCVT1/+vcQf0tKSaEw7W/iJcOFVX09jTARq6alGE2nLZKKTKpV6ATwm+hJMzV/DMEMwwWF/w6N7OFP6MbejZV3KimGzhK78tuuOZaiJ3oHbeuINMqpsT8jnewG6NbAedGINA5BNueqWz5S0FAjEfuJ4nl1ybLsrCUoHppPAbZy/zbiVkefFGGdWacQD4wZOtdIvClT5LlJlKh8xnFeL/FPFJ7oaxRtE/do8lO+RArqI5YsEesVKmTaOOMGpWi6on0q3YOnuaShQcll50ExwUqKzl9gQL2bIXGNBEPJ5kH1f4S5yPJRzz196EUGoX0knfh0yfU6k3FepGO0Nh6fsdTD4nvUlirBTFVf4NoU/M2L1w==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Roger Pau Monne <roger.pau@xxxxxxxxxx> Introduce support in libxl for fetching the default backend trusted option for disk and nic devices. Users can set LIBXL_{DISK,NIC}_BACKEND_UNTRUSTED environment variable to notify libxl of whether the backends for disk and nic devices should be trusted. Such information is passed into the frontend so it can take the appropriate measures. This is part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx> --- changes: - envvar now upper case - documentation in xl man page - value "0" also mean "trusted" --- docs/man/xl.1.pod.in | 18 ++++++++++++++++++ tools/libs/light/libxl_disk.c | 5 +++++ tools/libs/light/libxl_nic.c | 7 +++++++ 3 files changed, 30 insertions(+) diff --git a/docs/man/xl.1.pod.in b/docs/man/xl.1.pod.in index e2176bd696..45e1430aeb 100644 --- a/docs/man/xl.1.pod.in +++ b/docs/man/xl.1.pod.in @@ -1946,6 +1946,24 @@ shows the decimal value. For non-linear mode, it shows hexadecimal value. =back +=head1 ENVIRONMENT + +=over 4 + +=item B<LIBXL_DISK_BACKEND_UNTRUSTED> + +Set this environment variable to "1" to suggest to the guest that the disk +backend shouldn't be trusted. If the variable is absent or set to "0", the +backend will be trusted. + +=item B<LIBXL_NIC_BACKEND_UNTRUSTED> + +Set this environment variable to "1" to suggest to the guest that the network +backend shouldn't be trusted. If the variable is absent or set to "0", the +backend will be trusted. + +=back + =head1 IGNORED FOR COMPATIBILITY WITH XM xl is mostly command-line compatible with the old xm utility used with diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 93936d0dd0..67d1cc1857 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -246,6 +246,7 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, libxl_domain_config d_config; libxl_device_disk disk_saved; libxl__flock *lock = NULL; + const char *envvar; libxl_domain_config_init(&d_config); libxl_device_disk_init(&disk_saved); @@ -395,6 +396,10 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, flexarray_append(front, GCSPRINTF("%d", device->devid)); flexarray_append(front, "device-type"); flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk"); + flexarray_append(front, "trusted"); + envvar = getenv("LIBXL_DISK_BACKEND_UNTRUSTED"); + /* Set "trusted=1" if envvar missing or is "0". */ + flexarray_append(front, !envvar || !strcmp("0", envvar) ? "1" : "0"); /* * Old PV kernel disk frontends before 2.6.26 rely on tool stack to diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b9e70c9d1..f87890d1d6 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -132,6 +132,8 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_t *back, flexarray_t *front, flexarray_t *ro_front) { + const char *envvar; + flexarray_grow(back, 2); if (nic->script) @@ -255,6 +257,11 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(back, "hotplug-status"); flexarray_append(back, ""); + flexarray_append(front, "trusted"); + envvar = getenv("LIBXL_NIC_BACKEND_UNTRUSTED"); + /* Set "trusted=1" if envvar missing or is "0". */ + flexarray_append(front, !envvar || !strcmp("0", envvar) ? "1" : "0"); + return 0; } -- Anthony PERARD

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.