On 13/01/2020 14:40, Andrew Cooper wrote: > On 13/01/2020 12:51, George Dunlap wrote: >> So Sergey's second patch: >> - Still denies XENVER_extraversion at the hypervisor level >> - Leaves the value returned by the hypervisor as "<denied>" >> - Filters the "<denied>" string at the hvmloader level, to prevent it >> leaking into a GUI and scaring customers. > > The SMBios table isn't the only way XENVER_extraversion leaks up into > the UI. > > XENVER_extraversion isn't the only source of redacted information > leaking up into the UI. > > Linux for example exports it all via sysfs. The windows drivers put > XENVER_extraversion into several other logs.
I've found that /sys/hypervisor/version/extra returns "<denied>". "<hidded>" would have looked better there. >> Now we get to Andy's objection on the 10th: >> >> --- >> The reason for this (which ought to be obvious, but I guess only to >> those who actually do customer support) is basic human physiology. >> "denied" means something has gone wrong. It scares people, and causes >> them to seek help to change fix whatever is broken. >> >> It is not appropriate for it to find its way into the guest in the first >> place, and that includes turning up in `dmesg` and other logs, and >> expecting guest runtime to filter for it is complete nonsense. >> --- >> >> Basically, Andy says that *anywhere* it might show up is way too scary, >> even a guest dmesg log. >> >> Well, I disagree; I look in "dmesg" and I see loads of "scary" things. > > Just because dmesg is not an example of a good UI, doesn't mean its ok > for us to make: > > Xen version: 4.14<denied> (preserve-AD) And the above is indeed found in dmesg of PV domains (they have no SMbios). "<hidden>" is not appropriate here indeed. It should be either "" or generic ".0" IMHO. -- Thanks, Sergey _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
