| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b3af9873-3100-3c8a-7d7c-3ac0cba92ac1@suse.com>
Date: Wed, 14 Jun 2017 17:06:21 +0200
From: Juergen Gross <jgross@...e.com>
To: Boris Ostrovsky <boris.ostrovsky@...cle.com>,
linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org
Cc: gregkh@...uxfoundation.org
Subject: Re: [PATCH v3 4/4] xen: add sysfs node for hypervisor build id
On 14/06/17 17:00, Boris Ostrovsky wrote:
> On 06/12/2017 10:21 AM, Juergen Gross wrote:
>> For support of Xen hypervisor live patching the hypervisor build id is
>> needed. Add a node /sys/hypervisor/properties/buildid containing the
>> information.
>>
>> Signed-off-by: Juergen Gross <jgross@...e.com>
>> ---
>> Documentation/ABI/testing/sysfs-hypervisor-xen | 11 +++++++++-
>> drivers/xen/sys-hypervisor.c | 29 ++++++++++++++++++++++++++
>> 2 files changed, 39 insertions(+), 1 deletion(-)
>>
>> diff --git a/Documentation/ABI/testing/sysfs-hypervisor-xen b/Documentation/ABI/testing/sysfs-hypervisor-xen
>> index c0edb3fdd6eb..53b7b2ea7515 100644
>> --- a/Documentation/ABI/testing/sysfs-hypervisor-xen
>> +++ b/Documentation/ABI/testing/sysfs-hypervisor-xen
>> @@ -1,5 +1,5 @@
>> What: /sys/hypervisor/guest_type
>> -Date: May 2017
>> +Date: June 2017
>> KernelVersion: 4.13
>> Contact: xen-devel@...ts.xenproject.org
>> Description: If running under Xen:
>> @@ -32,3 +32,12 @@ Description: If running under Xen:
>> Describes Xen PMU features (as an integer). A set bit indicates
>> that the corresponding feature is enabled. See
>> include/xen/interface/xenpmu.h for available features
>> +
>> +What: /sys/hypervisor/properties/buildid
>> +Date: June 2017
>> +KernelVersion: 4.13
>> +Contact: xen-devel@...ts.xenproject.org
>> +Description: If running under Xen:
>> + Build id of the hypervisor, needed for hypervisor live patching.
>> + Might return "<denied>" in case of special security settings
>> + in the hypervisor.
>
> It might? I don't see xen_deny() calls in XENVER_build_id (as I said
> below, assuming that's the command you are using).
>
>> diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c
>> index d641e9970d5d..92307636ed54 100644
>> --- a/drivers/xen/sys-hypervisor.c
>> +++ b/drivers/xen/sys-hypervisor.c
>> @@ -339,12 +339,41 @@ static ssize_t features_show(struct hyp_sysfs_attr *attr, char *buffer)
>>
>> HYPERVISOR_ATTR_RO(features);
>>
>> +static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer)
>> +{
>> + ssize_t ret;
>> + struct xen_build_id dummy;
>> + struct xen_build_id *buildid;
>> +
>> + dummy.len = 0;
>> + ret = HYPERVISOR_xen_version(XENVER_get_features, &dummy);
>
> Why XENVER_get_features and not XENVER_build_id?
The patch is looking different in my local tree. I might have missed to
do a commit before creating the patch via git format-patch. Will resend.
Juergen
Powered by blists - more mailing lists