From: Sergey Dyasli <email@example.com> To: Andrew Cooper <firstname.lastname@example.org>, George Dunlap <email@example.com>, Doug Goldstein <firstname.lastname@example.org> Cc: "email@example.com >> Sergey Dyasli" <firstname.lastname@example.org>, Stefano Stabellini <email@example.com>, Julien Grall <firstname.lastname@example.org>, Wei Liu <email@example.com>, Konrad Rzeszutek Wilk <firstname.lastname@example.org>, Xen-devel <email@example.com>, Jan Beulich <firstname.lastname@example.org>, Ian Jackson <Ian.Jackson@citrix.com>, Daniel De Graaf <email@example.com> Subject: Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests Date: Tue, 14 Jan 2020 10:19:08 +0000 [thread overview] Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <email@example.com> On 13/01/2020 14:40, Andrew Cooper wrote: > On 13/01/2020 12:51, George Dunlap wrote: >> So Sergey's second patch: >> - Still denies XENVER_extraversion at the hypervisor level >> - Leaves the value returned by the hypervisor as "<denied>" >> - Filters the "<denied>" string at the hvmloader level, to prevent it >> leaking into a GUI and scaring customers. > > The SMBios table isn't the only way XENVER_extraversion leaks up into > the UI. > > XENVER_extraversion isn't the only source of redacted information > leaking up into the UI. > > Linux for example exports it all via sysfs. The windows drivers put > XENVER_extraversion into several other logs. I've found that /sys/hypervisor/version/extra returns "<denied>". "<hidded>" would have looked better there. >> Now we get to Andy's objection on the 10th: >> >> --- >> The reason for this (which ought to be obvious, but I guess only to >> those who actually do customer support) is basic human physiology. >> "denied" means something has gone wrong. It scares people, and causes >> them to seek help to change fix whatever is broken. >> >> It is not appropriate for it to find its way into the guest in the first >> place, and that includes turning up in `dmesg` and other logs, and >> expecting guest runtime to filter for it is complete nonsense. >> --- >> >> Basically, Andy says that *anywhere* it might show up is way too scary, >> even a guest dmesg log. >> >> Well, I disagree; I look in "dmesg" and I see loads of "scary" things. > > Just because dmesg is not an example of a good UI, doesn't mean its ok > for us to make: > > Xen version: 4.14<denied> (preserve-AD) And the above is indeed found in dmesg of PV domains (they have no SMbios). "<hidden>" is not appropriate here indeed. It should be either "" or generic ".0" IMHO. -- Thanks, Sergey _______________________________________________ Xen-devel mailing list Xenfirstname.lastname@example.org https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2020-01-14 10:19 UTC|newest] Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-01-10 10:37 Sergey Dyasli 2020-01-10 11:02 ` Andrew Cooper 2020-01-10 15:28 ` George Dunlap 2020-01-10 15:56 ` Jan Beulich 2020-01-10 16:45 ` Jürgen Groß 2020-01-10 17:00 ` George Dunlap 2020-01-11 3:55 ` Doug Goldstein 2020-01-11 9:35 ` George Dunlap 2020-01-13 11:01 ` Sergey Dyasli 2020-01-10 11:09 ` Jan Beulich 2020-01-11 4:02 ` Doug Goldstein 2020-01-11 9:02 ` George Dunlap 2020-01-12 18:26 ` Doug Goldstein 2020-01-13 12:51 ` George Dunlap 2020-01-13 13:39 ` Julien Grall 2020-01-13 14:01 ` Andrew Cooper 2020-01-13 14:07 ` George Dunlap 2020-01-13 14:28 ` Julien Grall 2020-01-13 14:40 ` Andrew Cooper 2020-01-14 10:19 ` Sergey Dyasli [this message] 2020-01-13 14:52 ` Julien Grall 2020-01-13 14:01 ` Ian Jackson
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --email@example.com \ --firstname.lastname@example.org \ --cc=Ian.Jackson@citrix.com \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.