Message ID | 1478095837-9524-1-git-send-email-wei.liu2@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Wei Liu writes ("[PATCH for-4.8] libxl: disallow enabling PoD and ALTP2M at the same time"): > That combination would cause Xen to crash. Note that this is not a > security issue because ALTP2M is experimental. Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> You mean, though Note that although this is a security issue, is not an XSA-worthy because ALTP2M is experimental. And you should probably CC the altp2m maintainers. Ian.
On Wed, Nov 02, 2016 at 02:43:58PM +0000, Ian Jackson wrote: > Wei Liu writes ("[PATCH for-4.8] libxl: disallow enabling PoD and ALTP2M at the same time"): > > That combination would cause Xen to crash. Note that this is not a > > security issue because ALTP2M is experimental. > > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > > You mean, though > > Note that although this is a security issue, is not an XSA-worthy > because ALTP2M is experimental. Right, this is more accurate. > > And you should probably CC the altp2m maintainers. > I've done this now. Wei. > Ian.
On Wed, Nov 02, 2016 at 02:51:41PM +0000, Wei Liu wrote: > On Wed, Nov 02, 2016 at 02:43:58PM +0000, Ian Jackson wrote: > > Wei Liu writes ("[PATCH for-4.8] libxl: disallow enabling PoD and ALTP2M at the same time"): > > > That combination would cause Xen to crash. Note that this is not a > > > security issue because ALTP2M is experimental. > > > > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > > > > You mean, though > > > > Note that although this is a security issue, is not an XSA-worthy > > because ALTP2M is experimental. > Updated commit message and applied.
On Thu, Nov 03, 2016 at 11:10:44AM +0000, Wei Liu wrote: > On Wed, Nov 02, 2016 at 02:51:41PM +0000, Wei Liu wrote: > > On Wed, Nov 02, 2016 at 02:43:58PM +0000, Ian Jackson wrote: > > > Wei Liu writes ("[PATCH for-4.8] libxl: disallow enabling PoD and ALTP2M at the same time"): > > > > That combination would cause Xen to crash. Note that this is not a > > > > security issue because ALTP2M is experimental. > > > > > > Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> > > > > > > You mean, though > > > > > > Note that although this is a security issue, is not an XSA-worthy > > > because ALTP2M is experimental. > > > > Updated commit message and applied. I interpreted the code for setting default value wrong. I will revert the patch and staging and rework it. Wei.
diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index d986cd2..47c297b 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -885,6 +885,13 @@ static void initiate_domain_create(libxl__egc *egc, goto error_out; } + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && + libxl_defbool_val(d_config->b_info.u.hvm.altp2m) && + pod_enabled) { + LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time"); + goto error_out; + } + /* PV vNUMA is not yet supported because there is an issue with * cpuid handling. */
That combination would cause Xen to crash. Note that this is not a security issue because ALTP2M is experimental. Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Cc: Ian Jackson <ian.jackson@eu.citrix.com> Maybe backport this to 4.6 and 4.7? --- tools/libxl/libxl_create.c | 7 +++++++ 1 file changed, 7 insertions(+)