Message ID | 20200117164432.32245-1-sergey.dyasli@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | [v3,1/2] xsm: add config option for denied string |
On 17.01.2020 17:44, Sergey Dyasli wrote:
> Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>

In principle
Acked-by: Jan Beulich <jbeulich@suse.com>

But I think it would be nice to have a non-empty description, at least to reason why the option addition is deemed useful.

> --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -236,6 +236,14 @@ choice > bool "SILO" if XSM_SILO > endchoice > > +config XSM_DENIED_STRING > + string "xen_version denied string"

I guess inserting "hypercall" into this prompt would set better context without needing to resort to the help text, i.e. "xen_version hypercall denied string". Thoughts?

Jan
> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of Jan Beulich
> Sent: 20 January 2020 09:51
> To: Sergey Dyasli <sergey.dyasli@citrix.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>; Julien Grall <julien@xen.org>; Wei Liu <wl@xen.org>; Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>; George Dunlap <George.Dunlap@eu.citrix.com>; Andrew Cooper <andrew.cooper3@citrix.com>; Doug Goldstein <cardoe@cardoe.com>; xen-devel@lists.xen.org; Daniel De Graaf <dgdegra@tycho.nsa.gov>; Ian Jackson <ian.jackson@eu.citrix.com>
> Subject: Re: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string
>
> On 17.01.2020 17:44, Sergey Dyasli wrote:
> > Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
>
> In principle
> Acked-by: Jan Beulich <jbeulich@suse.com>
>
> But I think it would be nice to have a non-empty description, at least to reason why the option addition is deemed useful.
>
> > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -236,6 +236,14 @@ choice > > bool "SILO" if XSM_SILO > > endchoice > > > > +config XSM_DENIED_STRING > > + string "xen_version denied string"
>
> I guess inserting "hypercall" into this prompt would set better context without needing to resort to the help text, i.e. "xen_version hypercall denied string". Thoughts?

"xen_version hypercall denied information replacement string"? It's not like the hypercall as a whole is being denied, after all.

Paul

> Jan
diff --git a/xen/common/Kconfig b/xen/common/Kconfig index b3d161d057..f0a3f0da0f 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -236,6 +236,14 @@ choice bool "SILO" if XSM_SILO endchoice +config XSM_DENIED_STRING + string "xen_version denied string" + default "<denied>" + depends on XSM + ---help--- + A string which substitutes sensitive information returned via + xen_version hypercall to non-privileged guests + config LATE_HWDOM bool "Dedicated hardware domain" default n diff --git a/xen/common/version.c b/xen/common/version.c index 937eb1281c..14b205af48 100644 --- a/xen/common/version.c +++ b/xen/common/version.c @@ -67,7 +67,7 @@ const char *xen_banner(void) const char *xen_deny(void) { - return "<denied>"; + return CONFIG_XSM_DENIED_STRING; } static const void *build_id_p __read_mostly;
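Review bot: The help text under `config XSM_DENIED_STRING` in xen/common/Kconfig does not say which values returned by xen_version are replaced, nor that the default "<denied>" keeps the string that was previously hard-coded, so someone configuring a build cannot tell what changing it affects. Suggest expanding the help to state which returned fields are covered and what the default preserves, and tidying the wording ("returned via the xen_version hypercall", with a closing full stop). The prompt "xen_version denied string" is also hard to read without opening the help; a prompt that names the hypercall, as proposed in the thread, would carry that context on its own.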
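Review bot: In xen/common/version.c, `xen_deny()` now returns `CONFIG_XSM_DENIED_STRING` unconditionally, while the Kconfig entry carries `depends on XSM`. Kconfig does not emit a symbol whose dependencies are unmet, so a build with XSM disabled has no definition for the macro unless this function is compiled out in that configuration, and the visible context shows no such guard around it. Either drop the `depends on XSM` line so the string is always defined, or keep a fallback to "<denied>" in `xen_deny()` when the option is not set.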
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
---
v2 --> v3:
- new patch

CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Julien Grall <julien@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Wei Liu <wl@xen.org>
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
CC: Doug Goldstein <cardoe@cardoe.com>
---
 xen/common/Kconfig   | 8 ++++++++
 xen/common/version.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)