From 340cb938b957a2baaaee1700a882148dc4c788bc Mon Sep 17 00:00:00 2001 From: Roger Pau Monne Date: Thu, 30 Jun 2022 14:35:35 +0200 Subject: [PATCH] tools/libxl: env variable to signal whether disk/nic backend is trusted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce support in libxl for fetching the default backend trusted option for disk and nic devices. Users can set libxl_{disk,nic}_backend_untrusted environment variable to notify libxl of whether the backends for disk and nic devices should be trusted. Such information is passed into the frontend so it can take the appropriate measures. This is part of XSA-403. Signed-off-by: Roger Pau Monné --- tools/libxl/libxl_disk.c | 3 +++ tools/libxl/libxl_nic.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tools/libxl/libxl_disk.c b/tools/libxl/libxl_disk.c index ddc1eec176..36862bbbcb 100644 --- a/tools/libxl/libxl_disk.c +++ b/tools/libxl/libxl_disk.c @@ -395,6 +395,9 @@ static void device_disk_add(libxl__egc *egc, uint32_t domid, flexarray_append(front, GCSPRINTF("%d", device->devid)); flexarray_append(front, "device-type"); flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk"); + flexarray_append(front, "trusted"); + flexarray_append(front, getenv("libxl_disk_backend_untrusted") ? "0" + : "1"); /* * Old PV kernel disk frontends before 2.6.26 rely on tool stack to diff --git a/tools/libxl/libxl_nic.c b/tools/libxl/libxl_nic.c index 07880b39e1..4d09fb8b46 100644 --- a/tools/libxl/libxl_nic.c +++ b/tools/libxl/libxl_nic.c @@ -237,6 +237,9 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(front, GCSPRINTF( LIBXL_MAC_FMT, LIBXL_MAC_BYTES(nic->mac))); + flexarray_append(front, "trusted"); + flexarray_append(front, getenv("libxl_nic_backend_untrusted") ? "0" : "1"); + return 0; } -- 2.37.0