File xsa443-05.patch of Package xen.31427
From 75fdc03c5a6b7fac0c3a5ac06a5beaac73aad36f Mon Sep 17 00:00:00 2001
From: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Date: Mon, 25 Sep 2023 18:32:21 +0100
Subject: [PATCH 05/11] tools/pygrub: Remove unnecessary hypercall
There's a hypercall being issued in order to determine whether PV64 is
supported, but since Xen 4.3 that's strictly true so it's not required.
Plus, this way we can avoid mapping the privcmd interface altogether in the
depriv pygrub.
This is part of XSA-443 / CVE-2023-34325
Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
tools/pygrub/src/pygrub | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index ce7ab0eb8cf3..ce4e07d3e823 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -18,7 +18,6 @@ import os, sys, string, struct, tempfile, re, traceback, stat, errno
import copy
import logging
import platform
-import xen.lowlevel.xc
import curses, _curses, curses.textpad, curses.ascii
import getopt
@@ -668,14 +667,6 @@ def run_grub(file, entry, fs, cfg_args):
return grubcfg
-def supports64bitPVguest():
- xc = xen.lowlevel.xc.xc()
- caps = xc.xeninfo()['xen_caps'].split(" ")
- for cap in caps:
- if cap == "xen-3.0-x86_64":
- return True
- return False
-
# If nothing has been specified, look for a Solaris domU. If found, perform the
# necessary tweaks.
def sniff_solaris(fs, cfg):
@@ -684,8 +675,7 @@ def sniff_solaris(fs, cfg):
return cfg
if not cfg["kernel"]:
- if supports64bitPVguest() and \
- fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+ if fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
elif fs.file_exists("/platform/i86xpv/kernel/unix"):
--
2.42.0