Re: [Xen-devel] [PATCH v2 1/3] xsm/xen_version: Add XSM for the xen_version hypercall.
>>> On 06.11.15 at 20:36, <konrad.wilk@xxxxxxxxxx> wrote:
> All of XENVER_* have now an XSM check.
>
> The subops for XENVER_[compile_info|changeset|commandline|
> extraversion] are now privileged operations. To not break
> guests we still return a string - but it is just '<denied>'.

And I continue to question at least the extraversion part.

> The rest: XENVER_[version|capabilities|
> parameters|get_features|page_size|guest_handle] behave
> as before - allowed by default for all guests.
>
> This is with the XSM default policy and with the dummy ones.

And with a non-default policy you now ignore one of the latter ops to also get denied.

> @@ -354,10 +356,17 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void)
> arg)
> return 0;
>
> case XENVER_commandline:
> - if ( copy_to_guest(arg, saved_cmdline, ARRAY_SIZE(saved_cmdline)) )
> + {
> + size_t len = ARRAY_SIZE(saved_cmdline);
> +
> + if ( deny )
> + len = strlen(xen_deny());

+1 (or else you fail to nul-terminate the output).

Jan
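
Review bot: in the XENVER_commandline deny branch, len = strlen(xen_deny()) excludes the terminating NUL, so the guest would receive the denial string without a terminator, followed by whatever its buffer already held. Setting len = strlen(xen_deny()) + 1 fixes that, as the reply above says. The quoted hunk ends before the copy_to_guest() call, so that call should also be checked: when deny is set it needs to copy from xen_deny() rather than saved_cmdline, and pass len rather than ARRAY_SIZE(saved_cmdline), otherwise the shorter length has no effect. A short comment on the deny branch stating that the guest gets a NUL-terminated placeholder instead of the command line would make the intent clear to later readers.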