lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Jun 2017 17:06:21 +0200
From:   Juergen Gross <jgross@...e.com>
To:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org
Cc:     gregkh@...uxfoundation.org
Subject: Re: [PATCH v3 4/4] xen: add sysfs node for hypervisor build id

On 14/06/17 17:00, Boris Ostrovsky wrote:
> On 06/12/2017 10:21 AM, Juergen Gross wrote:
>> For support of Xen hypervisor live patching the hypervisor build id is
>> needed. Add a node /sys/hypervisor/properties/buildid containing the
>> information.
>>
>> Signed-off-by: Juergen Gross <jgross@...e.com>
>> ---
>>  Documentation/ABI/testing/sysfs-hypervisor-xen | 11 +++++++++-
>>  drivers/xen/sys-hypervisor.c                   | 29 ++++++++++++++++++++++++++
>>  2 files changed, 39 insertions(+), 1 deletion(-)
>>
>> diff --git a/Documentation/ABI/testing/sysfs-hypervisor-xen b/Documentation/ABI/testing/sysfs-hypervisor-xen
>> index c0edb3fdd6eb..53b7b2ea7515 100644
>> --- a/Documentation/ABI/testing/sysfs-hypervisor-xen
>> +++ b/Documentation/ABI/testing/sysfs-hypervisor-xen
>> @@ -1,5 +1,5 @@
>>  What:		/sys/hypervisor/guest_type
>> -Date:		May 2017
>> +Date:		June 2017
>>  KernelVersion:	4.13
>>  Contact:	xen-devel@...ts.xenproject.org
>>  Description:	If running under Xen:
>> @@ -32,3 +32,12 @@ Description:	If running under Xen:
>>  		Describes Xen PMU features (as an integer). A set bit indicates
>>  		that the corresponding feature is enabled. See
>>  		include/xen/interface/xenpmu.h for available features
>> +
>> +What:		/sys/hypervisor/properties/buildid
>> +Date:		June 2017
>> +KernelVersion:	4.13
>> +Contact:	xen-devel@...ts.xenproject.org
>> +Description:	If running under Xen:
>> +		Build id of the hypervisor, needed for hypervisor live patching.
>> +		Might return "<denied>" in case of special security settings
>> +		in the hypervisor.
> 
> It might? I don't see xen_deny() calls in XENVER_build_id (as I said
> below, assuming that's the command you are using).
> 
>> diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c
>> index d641e9970d5d..92307636ed54 100644
>> --- a/drivers/xen/sys-hypervisor.c
>> +++ b/drivers/xen/sys-hypervisor.c
>> @@ -339,12 +339,41 @@ static ssize_t features_show(struct hyp_sysfs_attr *attr, char *buffer)
>>  
>>  HYPERVISOR_ATTR_RO(features);
>>  
>> +static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer)
>> +{
>> +	ssize_t ret;
>> +	struct xen_build_id dummy;
>> +	struct xen_build_id *buildid;
>> +
>> +	dummy.len = 0;
>> +	ret = HYPERVISOR_xen_version(XENVER_get_features, &dummy);
> 
> Why XENVER_get_features and not XENVER_build_id?

The patch is looking different in my local tree. I might have missed to
do a commit before creating the patch via git format-patch. Will resend.


Juergen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ