commit 7b89ea44dbcb965b6b67c8de5092ea2b95d4c6f9 Author: James Dingwall Date: Tue Nov 5 11:16:20 2024 +0000 libxl: drop setting XEN_QEMU_CONSOLE_LIMIT in the environment (XSA-180 / CVE-2014-3672) The corresponding code in the Xen qemu repository was not applied from qemu-xen-4.18.0. Signed-off-by: James Dingwall diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 1f2f5bd97a..b193a5dc37 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -638,20 +638,6 @@ int libxl__domain_device_construct_rdm(libxl__gc *gc, return ERROR_FAIL; } -/* XSA-180 / CVE-2014-3672 - * - * The QEMU shipped with Xen has a bodge. It checks for - * XEN_QEMU_CONSOLE_LIMIT to see how much data QEMU is allowed - * to write to stderr. We set that to 1MB if it is not set by - * system administrator. - */ -static void libxl__set_qemu_env_for_xsa_180(libxl__gc *gc, - flexarray_t *dm_envs) -{ - if (getenv("XEN_QEMU_CONSOLE_LIMIT")) return; - flexarray_append_pair(dm_envs, "XEN_QEMU_CONSOLE_LIMIT", "1048576"); -} - const libxl_vnc_info *libxl__dm_vnc(const libxl_domain_config *guest_config) { const libxl_vnc_info *vnc = NULL; @@ -704,8 +690,6 @@ static int libxl__build_device_model_args_old(libxl__gc *gc, assert(state->dm_monitor_fd == -1); - libxl__set_qemu_env_for_xsa_180(gc, dm_envs); - flexarray_vappend(dm_args, dm, "-d", GCSPRINTF("%d", domid), NULL); @@ -1210,8 +1194,6 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, dm_args = flexarray_make(gc, 16, 1); dm_envs = flexarray_make(gc, 16, 1); - libxl__set_qemu_env_for_xsa_180(gc, dm_envs); - flexarray_vappend(dm_args, dm, "-xen-domid", GCSPRINTF("%d", guest_domid), NULL); @@ -3656,7 +3638,6 @@ void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc, flexarray_append(dm_args, NULL); args = (char **) flexarray_contents(dm_args); - libxl__set_qemu_env_for_xsa_180(gc, dm_envs); envs = (char **) flexarray_contents(dm_envs); logfile_w = libxl__create_qemu_logfile(gc, GCSPRINTF("qdisk-%u", domid));