From patchwork Fri Jan 17 16:44:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Dyasli X-Patchwork-Id: 11339545
X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.70,330,1574139600"; d="scan'208";a="11515041" From: Sergey Dyasli To: Date: Fri, 17 Jan 2020 16:44:31 +0000 Message-ID: <20200117164432.32245-1-sergey.dyasli@citrix.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v3 1/2] xsm: add config option for denied string X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Sergey Dyasli , Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Jan Beulich , Daniel De Graaf , Doug Goldstein Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Signed-off-by: Sergey Dyasli Acked-by: Jan Beulich --- v2 --> v3: - new patch CC: Andrew Cooper CC: George Dunlap CC: Ian Jackson CC: Jan Beulich CC: Julien Grall CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: Wei Liu CC: Daniel De Graaf CC: Doug Goldstein --- xen/common/Kconfig | 8 ++++++++ xen/common/version.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index b3d161d057..f0a3f0da0f 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -236,6 +236,14 @@ choice bool "SILO" if XSM_SILO endchoice +config XSM_DENIED_STRING + string "xen_version denied string" + default "" + depends on XSM + ---help--- + A string which substitutes sensitive information returned via + xen_version hypercall to non-privileged guests + config LATE_HWDOM bool "Dedicated hardware domain" default n diff --git a/xen/common/version.c b/xen/common/version.c index 937eb1281c..14b205af48 100644 --- a/xen/common/version.c +++ b/xen/common/version.c 
@@ -67,7 +67,7 @@ const char *xen_banner(void) const char *xen_deny(void) { - return ""; + return CONFIG_XSM_DENIED_STRING; } static const void *build_id_p __read_mostly;
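Review bot: the help text of `XSM_DENIED_STRING` in the xen/common/Kconfig hunk does not say which returned values the string replaces, that `default ""` keeps the current behaviour, or whether the string has any length limit. The value is handed to non-privileged guests through the xen_version hypercall, so the help should state the expected maximum length (or say that longer strings may be truncated) so that whoever sets it knows what guests will actually see. The commit message has no body either; one sentence on why a build would want a non-empty string would make the option easier to review.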
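Review bot: `xen_deny()` in the xen/common/version.c hunk returns `CONFIG_XSM_DENIED_STRING` unconditionally, while the Kconfig entry carries `depends on XSM`. Kconfig emits no definition for a symbol whose dependency is unmet, so unless a fallback is defined somewhere outside this patch, a build with XSM disabled has no `CONFIG_XSM_DENIED_STRING` and this line will not compile. Either drop the `depends on XSM` line, or guard the return with `#ifdef CONFIG_XSM_DENIED_STRING` and keep `""` as the fallback.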