Running xl queries XENVER_commandline and XENVER_build_id. The hardware domain should have access to the command line. The hardware domain is at least semi-trusted - just allow it access to all the xen_version info.
Signed-off-by: Jason Andryuk <jason.andr...@amd.com> --- xen/include/xsm/dummy.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 4536ee5dad..9e6bc0ed12 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -859,6 +859,8 @@ static XSM_INLINE int cf_check xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) /* These MUST always be accessible to any guest by default. */ return xsm_default_action(XSM_HOOK, current->domain, NULL); default: + if ( is_hardware_domain(current->domain) ) + return xsm_default_action(XSM_HW_PRIV, current->domain, NULL); return xsm_default_action(XSM_PRIV, current->domain, NULL); } } -- 2.48.1
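Review bot: The new `is_hardware_domain(current->domain)` branch in the `default:` case of `xsm_xen_version()` has no comment, while the case directly above it carries one ("These MUST always be accessible to any guest by default."). Because `default:` covers every op not listed earlier in the switch, the branch gives the hardware domain all remaining xen_version ops under `XSM_HW_PRIV`, not only the XENVER_commandline and XENVER_build_id that the commit message names. The message says this is intended, so a one-line comment above the `if` (for example `/* The hardware domain may read all xen_version info. */`) would record it in the code. The diff touches only xen/include/xsm/dummy.h; the commit message could also say whether a non-dummy XSM policy needs a matching change for xl to work from the hardware domain.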