From ad5d0db5e68e5d4e79255fa85d9cb0069bb1c5d5 Mon Sep 17 00:00:00 2001 From: Alejandro Vallejo Date: Mon, 25 Sep 2023 18:32:21 +0100 Subject: [PATCH 05/11] tools/pygrub: Remove unnecessary hypercall There's a hypercall being issued in order to determine whether PV64 is supported, but since Xen 4.3 that's strictly true so it's not required. Plus, this way we can avoid mapping the privcmd interface altogether in the depriv pygrub. This is part of XSA-443 / CVE-2023-34325 Signed-off-by: Alejandro Vallejo Reviewed-by: Andrew Cooper --- tools/pygrub/src/pygrub | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub index ce7ab0eb8cf3..ce4e07d3e823 100755 --- a/tools/pygrub/src/pygrub +++ b/tools/pygrub/src/pygrub @@ -18,7 +18,6 @@ import os, sys, string, struct, tempfile, re, traceback, stat, errno import copy import logging import platform -import xen.lowlevel.xc import curses, _curses, curses.textpad, curses.ascii import getopt @@ -668,14 +667,6 @@ def run_grub(file, entry, fs, cfg_args): return grubcfg -def supports64bitPVguest(): - xc = xen.lowlevel.xc.xc() - caps = xc.xeninfo()['xen_caps'].split(" ") - for cap in caps: - if cap == "xen-3.0-x86_64": - return True - return False - # If nothing has been specified, look for a Solaris domU. If found, perform the # necessary tweaks. def sniff_solaris(fs, cfg): @@ -684,8 +675,7 @@ def sniff_solaris(fs, cfg): return cfg if not cfg["kernel"]: - if supports64bitPVguest() and \ - fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): + if fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix" cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive" elif fs.file_exists("/platform/i86xpv/kernel/unix"): -- 2.42.0