From patchwork Fri Apr 29 09:35:51 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 8979151
Message-Id: <5723471702000078000E7283@prv-mh.provo.novell.com>
Date: Fri, 29 Apr 2016 03:35:51 -0600
From: "Jan Beulich"
To: "xen-devel"
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Ian Jackson, Tim Deegan
Subject: [Xen-devel] [PATCH] XSA-77: widen scope again

As discussed on the hackathon, avoid us having to issue security
advisories for issues affecting only heavily disaggregated tool stack
setups, which no-one appears to use (or else they should step up to
get things into shape).

Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
---
As we want to retain supported status of stubdom qemu: Does qemu use
any others when used in a stub domain?

--- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt 
@@ -59,68 +59,16 @@ http://www.xenproject.org/security-polic __HYPERVISOR_domctl (xen/include/public/domctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. + All subops except for the following are covered by this statement. - * XEN_DOMCTL_createdomain - * XEN_DOMCTL_destroydomain - * XEN_DOMCTL_getmemlist - * XEN_DOMCTL_setvcpuaffinity - * XEN_DOMCTL_shadow_op - * XEN_DOMCTL_max_mem - * XEN_DOMCTL_setvcpucontext - * XEN_DOMCTL_getvcpucontext - * XEN_DOMCTL_max_vcpus - * XEN_DOMCTL_scheduler_op - * XEN_DOMCTL_iomem_permission - * XEN_DOMCTL_gethvmcontext - * XEN_DOMCTL_sethvmcontext - * XEN_DOMCTL_set_address_size - * XEN_DOMCTL_assign_device - * XEN_DOMCTL_pin_mem_cacheattr - * XEN_DOMCTL_set_ext_vcpucontext - * XEN_DOMCTL_get_ext_vcpucontext - * XEN_DOMCTL_test_assign_device - * XEN_DOMCTL_set_target - * XEN_DOMCTL_deassign_device - * XEN_DOMCTL_get_device_group - * XEN_DOMCTL_set_machine_address_size - * XEN_DOMCTL_debug_op - * XEN_DOMCTL_gethvmcontext_partial - * XEN_DOMCTL_vm_event_op - * XEN_DOMCTL_mem_sharing_op - * XEN_DOMCTL_setvcpuextstate - * XEN_DOMCTL_getvcpuextstate - * XEN_DOMCTL_set_access_required - * XEN_DOMCTL_set_virq_handler - * XEN_DOMCTL_set_broken_page_p2m - * XEN_DOMCTL_setnodeaffinity - * XEN_DOMCTL_gdbsx_guestmemio + * XEN_DOMCTL_ioport_mapping + * XEN_DOMCTL_memory_mapping + * XEN_DOMCTL_bind_pt_irq + * XEN_DOMCTL_unbind_pt_irq __HYPERVISOR_sysctl (xen/include/public/sysctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. 
- - * XEN_SYSCTL_readconsole - * XEN_SYSCTL_tbuf_op - * XEN_SYSCTL_physinfo - * XEN_SYSCTL_sched_id - * XEN_SYSCTL_perfc_op - * XEN_SYSCTL_getdomaininfolist - * XEN_SYSCTL_debug_keys - * XEN_SYSCTL_getcpuinfo - * XEN_SYSCTL_availheap - * XEN_SYSCTL_get_pmstat - * XEN_SYSCTL_cpu_hotplug - * XEN_SYSCTL_pm_op - * XEN_SYSCTL_page_offline_op - * XEN_SYSCTL_lockprof_op - * XEN_SYSCTL_cputopoinfo - * XEN_SYSCTL_numainfo - * XEN_SYSCTL_cpupool_op - * XEN_SYSCTL_scheduler_op - * XEN_SYSCTL_coverage_op + All subops are covered by this statement. __HYPERVISOR_memory_op (xen/include/public/memory.h) --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt 
@@ -59,68 +59,16 @@ http://www.xenproject.org/security-polic __HYPERVISOR_domctl (xen/include/public/domctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. + All subops except for the following are covered by this statement. - * XEN_DOMCTL_createdomain - * XEN_DOMCTL_destroydomain - * XEN_DOMCTL_getmemlist - * XEN_DOMCTL_setvcpuaffinity - * XEN_DOMCTL_shadow_op - * XEN_DOMCTL_max_mem - * XEN_DOMCTL_setvcpucontext - * XEN_DOMCTL_getvcpucontext - * XEN_DOMCTL_max_vcpus - * XEN_DOMCTL_scheduler_op - * XEN_DOMCTL_iomem_permission - * XEN_DOMCTL_gethvmcontext - * XEN_DOMCTL_sethvmcontext - * XEN_DOMCTL_set_address_size - * XEN_DOMCTL_assign_device - * XEN_DOMCTL_pin_mem_cacheattr - * XEN_DOMCTL_set_ext_vcpucontext - * XEN_DOMCTL_get_ext_vcpucontext - * XEN_DOMCTL_test_assign_device - * XEN_DOMCTL_set_target - * XEN_DOMCTL_deassign_device - * XEN_DOMCTL_get_device_group - * XEN_DOMCTL_set_machine_address_size - * XEN_DOMCTL_debug_op - * XEN_DOMCTL_gethvmcontext_partial - * XEN_DOMCTL_vm_event_op - * XEN_DOMCTL_mem_sharing_op - * XEN_DOMCTL_setvcpuextstate - * XEN_DOMCTL_getvcpuextstate - * XEN_DOMCTL_set_access_required - * XEN_DOMCTL_set_virq_handler - * XEN_DOMCTL_set_broken_page_p2m - * XEN_DOMCTL_setnodeaffinity - * XEN_DOMCTL_gdbsx_guestmemio + * XEN_DOMCTL_ioport_mapping + * XEN_DOMCTL_memory_mapping + * XEN_DOMCTL_bind_pt_irq + * XEN_DOMCTL_unbind_pt_irq __HYPERVISOR_sysctl (xen/include/public/sysctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. 
- - * XEN_SYSCTL_readconsole - * XEN_SYSCTL_tbuf_op - * XEN_SYSCTL_physinfo - * XEN_SYSCTL_sched_id - * XEN_SYSCTL_perfc_op - * XEN_SYSCTL_getdomaininfolist - * XEN_SYSCTL_debug_keys - * XEN_SYSCTL_getcpuinfo - * XEN_SYSCTL_availheap - * XEN_SYSCTL_get_pmstat - * XEN_SYSCTL_cpu_hotplug - * XEN_SYSCTL_pm_op - * XEN_SYSCTL_page_offline_op - * XEN_SYSCTL_lockprof_op - * XEN_SYSCTL_cputopoinfo - * XEN_SYSCTL_numainfo - * XEN_SYSCTL_cpupool_op - * XEN_SYSCTL_scheduler_op - * XEN_SYSCTL_coverage_op + All subops are covered by this statement. __HYPERVISOR_memory_op (xen/include/public/memory.h)
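
Review bot: In the __HYPERVISOR_domctl part of the hunk, the new sentence "All subops except for the following are covered by this statement." drops the old wording that unlisted subops "are considered safe for disaggregation", so the document no longer says what status the four remaining entries (XEN_DOMCTL_ioport_mapping, XEN_DOMCTL_memory_mapping, XEN_DOMCTL_bind_pt_irq, XEN_DOMCTL_unbind_pt_irq) have, or why these four were chosen. I would add a sentence after the list stating that these are the subops still considered safe for disaggregation, and tie them to the stub domain qemu case raised in the remark below the commit message. The open question there (whether qemu uses any others in a stub domain) should be answered before this is committed: with the list inverted, a subop qemu needs but that is missing from the exception list silently stops being considered safe for disaggregation. The __HYPERVISOR_sysctl part, now "All subops are covered by this statement.", needs no list and reads fine as is.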