From 8c6791798de4b68923e422f565581af1ee74124c Mon Sep 17 00:00:00 2001
From: Roger Pau Monne <roger.pau@citrix.com>
Date: Thu, 30 Jun 2022 14:35:35 +0200
Subject: [PATCH] tools/libxl: env variable to signal whether disk/nic backend
is trusted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduce support in libxl for fetching the default backend trusted
option for disk and nic devices.
Users can set libxl_{disk,nic}_backend_untrusted environment variable
to notify libxl of whether the backends for disk and nic devices
should be trusted. Such information is passed into the frontend so it
can take the appropriate measures.
This is part of XSA-403.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
tools/libs/light/libxl_disk.c | 3 +++
tools/libs/light/libxl_nic.c | 3 +++
2 files changed, 6 insertions(+)
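--- a/tools/libs/light/libxl_disk.c
+++ b/tools/libs/light/libxl_disk.c
@@ -395,6 +395,9 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid,
 flexarray_append(front, GCSPRINTF("%d", device->devid));
 flexarray_append(front, "device-type");
 flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk");
+ flexarray_append(front, "trusted");
+ flexarray_append(front, getenv("libxl_disk_backend_untrusted") ? "0"
+ : "1");
 
 /*
 * Old PV kernel disk frontends before 2.6.26 rely on tool stack to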
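Review bot: The `trusted` value written to the frontend depends only on whether `libxl_disk_backend_untrusted` is present in the environment, so `libxl_disk_backend_untrusted=0` or an empty value still produces `"0"`, while an unset variable produces `"1"`; the libxl_nic.c hunk uses the same presence test for `libxl_nic_backend_untrusted`. The default therefore marks every backend as trusted unless the toolstack's environment says otherwise. The setting also appears to cover every disk (or NIC) the process creates rather than a single device, which matters when only some backends live in a driver domain. Neither call site states this, so I would add a comment above the append such as `/* "trusted" is "0" iff the variable is set (any value, even empty or "0"); unset means trusted. Process-wide, not per device. */`. device_disk_add starts and ends outside the hunk.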
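--- a/tools/libs/light/libxl_nic.c
+++ b/tools/libs/light/libxl_nic.c
@@ -255,6 +255,9 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid,
 flexarray_append(back, "hotplug-status");
 flexarray_append(back, "");
 
+ flexarray_append(front, "trusted");
+ flexarray_append(front, getenv("libxl_nic_backend_untrusted") ? "0" : "1");
+
 return 0;
 }
 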
--
2.37.0