From 0b2dc2837564fc65bdd99c19acfaf2783b4448aa Mon Sep 17 00:00:00 2001 From: Alejandro Vallejo Date: Mon, 25 Sep 2023 18:32:21 +0100 Subject: [PATCH 05/11] tools/pygrub: Remove unnecessary hypercall There's a hypercall being issued in order to determine whether PV64 is supported, but since Xen 4.3 that's strictly true so it's not required. Plus, this way we can avoid mapping the privcmd interface altogether in the depriv pygrub. This is part of XSA-443 / CVE-2023-34325 Signed-off-by: Alejandro Vallejo Reviewed-by: Andrew Cooper --- tools/pygrub/src/pygrub | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub index a759d90ade5e..0be6720ce00b 100755 --- a/tools/pygrub/src/pygrub +++ b/tools/pygrub/src/pygrub @@ -18,7 +18,6 @@ import os, sys, string, struct, tempfile, re, traceback, stat, errno import copy import logging import platform -import xen.lowlevel.xc import curses, _curses, curses.textpad, curses.ascii import getopt @@ -668,14 +667,6 @@ def run_grub(file, entry, fs, cfg_args): return grubcfg -def supports64bitPVguest(): - xc = xen.lowlevel.xc.xc() - caps = xc.xeninfo()['xen_caps'].split(" ") - for cap in caps: - if cap == "xen-3.0-x86_64": - return True - return False - # If nothing has been specified, look for a Solaris domU. If found, perform the # necessary tweaks. def sniff_solaris(fs, cfg): @@ -684,8 +675,7 @@ def sniff_solaris(fs, cfg): return cfg if not cfg["kernel"]: - if supports64bitPVguest() and \ - fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): + if fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix" cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive" elif fs.file_exists("/platform/i86xpv/kernel/unix"): -- 2.42.0