From: Julien Grall <julien@xen.org>
To: George Dunlap <george.dunlap@citrix.com>,
Doug Goldstein <cardoe@cardoe.com>
Cc: Sergey Dyasli <sergey.dyasli@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Andrew Cooper <Andrew.Cooper3@citrix.com>,
Xen-devel <xen-devel@lists.xen.org>,
Jan Beulich <jbeulich@suse.com>,
Ian Jackson <Ian.Jackson@citrix.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests
Date: Mon, 13 Jan 2020 13:39:06 +0000 [thread overview]
Message-ID: <530f7613-299e-651b-c42e-c93ca261d16b@xen.org> (raw)
In-Reply-To: <ca5a6b9b-fbde-5de6-fbf0-822d488cabf9@citrix.com>
Hi George,
Thank you for summarising the possibility. One question below.
On 13/01/2020 12:51, George Dunlap wrote:
> 2. Block XENVER_extraversion at the hypervisor level. Leave xen_deny()
> as returning "<denied>", but replace "<denied>" with "" in hvmloader so
> it doesn't show up in the System Info and scare users.
>
> 3. Block XENVER_extraversion at the hypervisor level. Change xen_deny()
> to return a more benign string like "<hidden>". (Perhaps also filter it
> in hvmloader, just for good measure.)
My knowledge of live migration on x86 is a bit limited, but if I
understand correctly those two options would require a guest to reboot
in order to pick up the changes. Am I correct?
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2020-01-13 13:39 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-10 10:37 [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests Sergey Dyasli
2020-01-10 11:02 ` Andrew Cooper
2020-01-10 15:28 ` George Dunlap
2020-01-10 15:56 ` Jan Beulich
2020-01-10 16:45 ` Jürgen Groß
2020-01-10 17:00 ` George Dunlap
2020-01-11 3:55 ` Doug Goldstein
2020-01-11 9:35 ` George Dunlap
2020-01-13 11:01 ` Sergey Dyasli
2020-01-10 11:09 ` Jan Beulich
2020-01-11 4:02 ` Doug Goldstein
2020-01-11 9:02 ` George Dunlap
2020-01-12 18:26 ` Doug Goldstein
2020-01-13 12:51 ` George Dunlap
2020-01-13 13:39 ` Julien Grall [this message]
2020-01-13 14:01 ` Andrew Cooper
2020-01-13 14:07 ` George Dunlap
2020-01-13 14:28 ` Julien Grall
2020-01-13 14:40 ` Andrew Cooper
2020-01-14 10:19 ` Sergey Dyasli
2020-01-13 14:52 ` Julien Grall
2020-01-13 14:01 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=530f7613-299e-651b-c42e-c93ca261d16b@xen.org \
--to=julien@xen.org \
--cc=Andrew.Cooper3@citrix.com \
--cc=Ian.Jackson@citrix.com \
--cc=cardoe@cardoe.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=sergey.dyasli@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.