From patchwork Tue Feb 11 13:42:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Dyasli X-Patchwork-Id: 11375523 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3B61992A for ; Tue, 11 Feb 2020 13:43:30 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 17B8C20714 for ; Tue, 11 Feb 2020 13:43:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="UCu878tV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 17B8C20714 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j1VoE-0005q5-76; Tue, 11 Feb 2020 13:42:38 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1j1VoC-0005pT-CC for xen-devel@lists.xen.org; Tue, 11 Feb 2020 13:42:36 +0000 X-Inumbo-ID: 59e35cae-4cd4-11ea-8d48-bc764e2007e4 Received: from esa5.hc3370-68.iphmx.com (unknown [216.71.155.168]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 59e35cae-4cd4-11ea-8d48-bc764e2007e4; Tue, 11 Feb 2020 13:42:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1581428551; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=R+vXsjxpVw8T8CTr2MPpkBq3V1PxaaAJEGeR1pf0czE=; b=UCu878tVZgJQycTdwP//+g7KBui3AcmaDHu8tvhLwhYS7DZ58HXLsBR4 56MlA06wlFnXVUMyZvCQvwnPeXmbcjg3wowjDnjIfUjDmHJ4E3nKoAnM8 68sDIjHosIgDd3iwAfwwnE4PdEGlT1Eqh1HOwrg603Cvs7Yl4HEHWSFTz c=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=sergey.dyasli@citrix.com; spf=Pass smtp.mailfrom=sergey.dyasli@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of sergey.dyasli@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="sergey.dyasli@citrix.com"; x-sender="sergey.dyasli@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa5.hc3370-68.iphmx.com: domain of sergey.dyasli@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="sergey.dyasli@citrix.com"; x-sender="sergey.dyasli@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ip4:168.245.78.127 ~all" Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="sergey.dyasli@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: QM1YN7ZkAAb+fjt8dJ4A9hni9m+KYfLAjzUECQVha4FY5wkWnKqrHwELNlShWX+l+fGILGgj2+ TGGnAPC/4iF+oRw+XZ+mCGEXRfyh5Z01wgUMDdg18XgicnPlncoJR62vUZmKWkePJyWekiSnC3 0K1mzgxi9P4LXkhEveQke5lJSbCP9602HjGsMez/AdRMZI3GwUsnqit9PKljHynXbxZvAsXIt+ xhvfJTnBFrwpwqAJaCLYnLDimol3tTKYue8uFd9sJ30ShxYPHABZi0moNdk2ytWhlEUQ1361Tl pJ0= X-SBRS: 2.7 X-MesageID: 12638713 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.70,428,1574139600"; d="scan'208";a="12638713" From: Sergey Dyasli To: Date: Tue, 11 Feb 2020 13:42:19 +0000 Message-ID: <20200211134220.9194-2-sergey.dyasli@citrix.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200211134220.9194-1-sergey.dyasli@citrix.com> References: <20200211134220.9194-1-sergey.dyasli@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v4 1/2] xsm: add Kconfig option for denied string X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Sergey Dyasli , Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Jan Beulich , Daniel De Graaf , Doug Goldstein Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Add Kconfig option to make it possible to configure the string returned to non-privileged guests instead of the default "" which could propagate to UI / logs after the subsequent patch that hides detailed Xen version information from unprivileged guests. Introduce XENVER_denied_string to allow guests to set up UI / logs filtering which dependens on the new CONFIG_XSM_DENIED_STRING. Signed-off-by: Sergey Dyasli --- v3 --> v4: - Updated kconfig prompt description - Added XENVER_denied_string - Added #ifdef to fix build when CONFIG_XSM is not set v2 --> v3: - new patch --- xen/common/Kconfig | 8 ++++++++ xen/common/kernel.c | 11 +++++++++++ xen/common/version.c | 4 ++++ xen/include/public/version.h | 5 +++++ xen/include/xsm/dummy.h | 1 + 5 files changed, 29 insertions(+) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index a6914fcae9..4a1a9398cd 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -228,6 +228,14 @@ choice bool "SILO" if XSM_SILO endchoice +config XSM_DENIED_STRING + string "xen_version hypercall denied information replacement string" + default "" + depends on XSM + ---help--- + A string which substitutes sensitive information returned via + xen_version hypercall to non-privileged guests + config LATE_HWDOM bool "Dedicated hardware domain" default n diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 22941cec94..1c22e5d167 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -561,6 +561,17 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return sz; } + + case XENVER_denied_string: + { + xen_denied_string_t str; + + safe_strcpy(str, xen_deny()); + if ( copy_to_guest(arg, str, XEN_DENIED_STRING_LEN) ) + return -EFAULT; + + return 0; + } } return -ENOSYS; diff --git a/xen/common/version.c b/xen/common/version.c index 937eb1281c..fbd0ef4668 100644 --- a/xen/common/version.c +++ b/xen/common/version.c @@ -67,7 +67,11 @@ const char *xen_banner(void) const char *xen_deny(void) { +#ifdef CONFIG_XSM_DENIED_STRING + return CONFIG_XSM_DENIED_STRING; +#else return ""; +#endif } static const void *build_id_p __read_mostly; diff --git a/xen/include/public/version.h b/xen/include/public/version.h index 17a81e23cd..f65001d2d9 100644 --- a/xen/include/public/version.h +++ b/xen/include/public/version.h @@ -100,6 +100,11 @@ struct xen_build_id { }; typedef struct xen_build_id xen_build_id_t; +/* arg == xen_denied_string_t. */ +#define XENVER_denied_string 11 +typedef char xen_denied_string_t[64]; +#define XEN_DENIED_STRING_LEN (sizeof(xen_denied_string_t)) + #endif /* __XEN_PUBLIC_VERSION_H__ */ /* diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index b8e185e6fa..72a101b106 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -748,6 +748,7 @@ static XSM_INLINE int xsm_xen_version (XSM_DEFAULT_ARG uint32_t op) case XENVER_version: case XENVER_platform_parameters: case XENVER_get_features: + case XENVER_denied_string: /* These sub-ops ignore the permission checks and return data. */ return 0; case XENVER_extraversion: