[Xen-changelog] [xen master] XSA-77: widen scope again

[patchbot@xxxxxxx]

commit 5590bd17c474b3cff4a86216b17349a3045f6158
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed May 11 09:46:02 2016 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed May 11 09:46:02 2016 +0200

    XSA-77: widen scope again
    
    As discussed on the hackathon, avoid us having to issue security
    advisories for issues affecting only heavily disaggregated tool stack
    setups, which no-one appears to use (or else they should step up to get
    things into shape).
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 docs/misc/xsm-flask.txt | 66 ++++++-------------------------------------------
 1 file changed, 8 insertions(+), 58 deletions(-)

diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 00a2b13..d3015ca 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -59,68 +59,18 @@ http://www.xenproject.org/security-policy.html.
 
 __HYPERVISOR_domctl (xen/include/public/domctl.h)
 
- The following subops are covered by this statement. subops not listed
- here are considered safe for disaggregation.
+ All subops except the following are covered by this statement.  (That
+ is, only the subops below are considered safe for disaggregation.)
 
- * XEN_DOMCTL_createdomain
- * XEN_DOMCTL_destroydomain
- * XEN_DOMCTL_getmemlist
- * XEN_DOMCTL_setvcpuaffinity
- * XEN_DOMCTL_shadow_op
- * XEN_DOMCTL_max_mem
- * XEN_DOMCTL_setvcpucontext
- * XEN_DOMCTL_getvcpucontext
- * XEN_DOMCTL_max_vcpus
- * XEN_DOMCTL_scheduler_op
- * XEN_DOMCTL_iomem_permission
- * XEN_DOMCTL_gethvmcontext
- * XEN_DOMCTL_sethvmcontext
- * XEN_DOMCTL_set_address_size
- * XEN_DOMCTL_assign_device
- * XEN_DOMCTL_pin_mem_cacheattr
- * XEN_DOMCTL_set_ext_vcpucontext
- * XEN_DOMCTL_get_ext_vcpucontext
- * XEN_DOMCTL_test_assign_device
- * XEN_DOMCTL_set_target
- * XEN_DOMCTL_deassign_device
- * XEN_DOMCTL_get_device_group
- * XEN_DOMCTL_set_machine_address_size
- * XEN_DOMCTL_debug_op
- * XEN_DOMCTL_gethvmcontext_partial
- * XEN_DOMCTL_vm_event_op
- * XEN_DOMCTL_mem_sharing_op
- * XEN_DOMCTL_setvcpuextstate
- * XEN_DOMCTL_getvcpuextstate
- * XEN_DOMCTL_set_access_required
- * XEN_DOMCTL_set_virq_handler
- * XEN_DOMCTL_set_broken_page_p2m
- * XEN_DOMCTL_setnodeaffinity
- * XEN_DOMCTL_gdbsx_guestmemio
+ * XEN_DOMCTL_ioport_mapping
+ * XEN_DOMCTL_memory_mapping
+ * XEN_DOMCTL_bind_pt_irq
+ * XEN_DOMCTL_unbind_pt_irq
 
 __HYPERVISOR_sysctl (xen/include/public/sysctl.h)
 
- The following subops are covered by this statement. subops not listed
- here are considered safe for disaggregation.
-
- * XEN_SYSCTL_readconsole
- * XEN_SYSCTL_tbuf_op
- * XEN_SYSCTL_physinfo
- * XEN_SYSCTL_sched_id
- * XEN_SYSCTL_perfc_op
- * XEN_SYSCTL_getdomaininfolist
- * XEN_SYSCTL_debug_keys
- * XEN_SYSCTL_getcpuinfo
- * XEN_SYSCTL_availheap
- * XEN_SYSCTL_get_pmstat
- * XEN_SYSCTL_cpu_hotplug
- * XEN_SYSCTL_pm_op
- * XEN_SYSCTL_page_offline_op
- * XEN_SYSCTL_lockprof_op
- * XEN_SYSCTL_cputopoinfo
- * XEN_SYSCTL_numainfo
- * XEN_SYSCTL_cpupool_op
- * XEN_SYSCTL_scheduler_op
- * XEN_SYSCTL_coverage_op
+ All subops are covered by this statement.  (That is, no subops are
+ considered safe for disaggregation.)
 
 __HYPERVISOR_memory_op (xen/include/public/memory.h)
 
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog