
drop setting XEN_QEMU_CONSOLE_LIMIT in the environment

Message ID ZyoTBgbGGYTyphH6@dingwall.me.uk (mailing list archive)
State Superseded

Commit Message

James Dingwall Nov. 5, 2024, 12:43 p.m. UTC
Hi,

Since qemu-xen-4.18.0 the corresponding code which responds to this
environment variable was not applied to the qemu tree.  It doesn't make
sense to me that it continues to be set in libxl so here's a patch
which removes it.

These are the relevant commits for various qemu tags:

qemu-xen-4.10.0: c349189772cec43498b0bec8a84146f10b8937af
qemu-xen-4.11.0: 2b033e396f4fa0981bae1213cdacd15775655a97
qemu-xen-4.12.0: 4f080070a9809bde857851e68a3aeff0c4b9b6a6
qemu-xen-4.13.0: c81d7597747f29432a0e197bf2c2109e77f2b6cf
qemu-xen-4.14.0: 410cc30fdc590417ae730d635bbc70257adf6750
qemu-xen-4.15.0: 677cbe1324c29294bb1d1b8454b3f214725e40fd
qemu-xen-4.16.0: b6e539830bf45e2d7a6bd86ddfdf003088b173b0
qemu-xen-4.17.0: 9a5e4bc76058766962ab3ff13f42c1d39a8e08d3
qemu-xen-4.18.0: not present
qemu-xen-4.19.0: not present

If this is approved is someone able to apply it to the tree?

Regards,
James

Comments

Jan Beulich Nov. 5, 2024, 12:57 p.m. UTC | #1
On 05.11.2024 13:43, James Dingwall wrote:
> Hi,
> 
> Since qemu-xen-4.18.0 the corresponding code which responds to this
> environment variable was not applied to the qemu tree.  It doesn't make
> sense to me that it continues to be set in libxl so here's a patch
> which removes it.
> 
> These are the relevant commits for various qemu tags:
> 
> qemu-xen-4.10.0: c349189772cec43498b0bec8a84146f10b8937af
> qemu-xen-4.11.0: 2b033e396f4fa0981bae1213cdacd15775655a97
> qemu-xen-4.12.0: 4f080070a9809bde857851e68a3aeff0c4b9b6a6
> qemu-xen-4.13.0: c81d7597747f29432a0e197bf2c2109e77f2b6cf
> qemu-xen-4.14.0: 410cc30fdc590417ae730d635bbc70257adf6750
> qemu-xen-4.15.0: 677cbe1324c29294bb1d1b8454b3f214725e40fd
> qemu-xen-4.16.0: b6e539830bf45e2d7a6bd86ddfdf003088b173b0
> qemu-xen-4.17.0: 9a5e4bc76058766962ab3ff13f42c1d39a8e08d3
> qemu-xen-4.18.0: not present
> qemu-xen-4.19.0: not present
> 
> If this is approved is someone able to apply it to the tree?

Once approved, any committer will be able to. First, however, like any patch
this one also needs a (your?) Signed-off-by:.

Jan

Patch

commit 86bfb2b8105c840311645a5587bc6cce6e5312ef
Author: James Dingwall <james@dingwall.me.uk>
Date:   Tue Nov 5 11:16:20 2024 +0000

    libxl: drop setting XEN_QEMU_CONSOLE_LIMIT in the environment (XSA-180 / CVE-2014-3672)
    
    The corresponding code has not been applied to the Xen qemu repository
    from qemu-xen-4.18.0 onwards.

diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c
index 1f2f5bd97a..b193a5dc37 100644
--- a/tools/libs/light/libxl_dm.c
+++ b/tools/libs/light/libxl_dm.c
@@ -638,20 +638,6 @@  int libxl__domain_device_construct_rdm(libxl__gc *gc,
     return ERROR_FAIL;
 }
 
-/* XSA-180 / CVE-2014-3672
- *
- * The QEMU shipped with Xen has a bodge. It checks for
- * XEN_QEMU_CONSOLE_LIMIT to see how much data QEMU is allowed
- * to write to stderr. We set that to 1MB if it is not set by
- * system administrator.
- */
-static void libxl__set_qemu_env_for_xsa_180(libxl__gc *gc,
-                                            flexarray_t *dm_envs)
-{
-    if (getenv("XEN_QEMU_CONSOLE_LIMIT")) return;
-    flexarray_append_pair(dm_envs, "XEN_QEMU_CONSOLE_LIMIT", "1048576");
-}
-
 const libxl_vnc_info *libxl__dm_vnc(const libxl_domain_config *guest_config)
 {
     const libxl_vnc_info *vnc = NULL;
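Review bot: Deleting `libxl__set_qemu_env_for_xsa_180` here, together with its three call sites in the later hunks (`libxl__build_device_model_args_old`, `libxl__build_device_model_args_new`, `libxl__spawn_qemu_xenpv_backend`), removes the 1MB default that the deleted comment describes as the XSA-180 bound on QEMU's stderr output. The commit message justifies this only for qemu-xen 4.18.0 and later. A QEMU binary that still reads the variable would then run with no limit unless the administrator exports it; that covers qemu-xen 4.17 or older paired with a newer libxl, and presumably whatever device model the `_old` path launches (not visible in this diff, to be confirmed). I would either keep the call on the paths that can start such a binary, or say in the commit message what now bounds the QEMU log, e.g. `QEMU builds that still read XEN_QEMU_CONSOLE_LIMIT get no default from libxl after this change; set it in the toolstack environment if needed.` The bodies of the three calling functions start and end outside their hunks, so I cannot see whether another limit is applied elsewhere.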
@@ -704,8 +690,6 @@  static int libxl__build_device_model_args_old(libxl__gc *gc,
 
     assert(state->dm_monitor_fd == -1);
 
-    libxl__set_qemu_env_for_xsa_180(gc, dm_envs);
-
     flexarray_vappend(dm_args, dm,
                       "-d", GCSPRINTF("%d", domid), NULL);
 
@@ -1210,8 +1194,6 @@  static int libxl__build_device_model_args_new(libxl__gc *gc,
     dm_args = flexarray_make(gc, 16, 1);
     dm_envs = flexarray_make(gc, 16, 1);
 
-    libxl__set_qemu_env_for_xsa_180(gc, dm_envs);
-
     flexarray_vappend(dm_args, dm,
                       "-xen-domid",
                       GCSPRINTF("%d", guest_domid), NULL);
@@ -3656,7 +3638,6 @@  void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc,
     flexarray_append(dm_args, NULL);
     args = (char **) flexarray_contents(dm_args);
 
-    libxl__set_qemu_env_for_xsa_180(gc, dm_envs);
     envs = (char **) flexarray_contents(dm_envs);
 
     logfile_w = libxl__create_qemu_logfile(gc, GCSPRINTF("qdisk-%u", domid));