From patchwork Tue Aug 8 13:22:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?= X-Patchwork-Id: 13346041 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CADD8C001DF for ; Tue, 8 Aug 2023 13:22:40 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.579858.908035 (Exim 4.92) (envelope-from ) id 1qTMfN-0004FS-21; Tue, 08 Aug 2023 13:22:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 579858.908035; Tue, 08 Aug 2023 13:22:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfM-0004FJ-V1; Tue, 08 Aug 2023 13:22:28 +0000 Received: by outflank-mailman (input) for mailman id 579858; Tue, 08 Aug 2023 13:22:27 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfL-0003ij-Py for xen-devel@lists.xenproject.org; Tue, 08 Aug 2023 13:22:27 +0000 Received: from smtp-out2.suse.de (smtp-out2.suse.de [2001:67c:2178:6::1d]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 9e6214ea-35ee-11ee-b280-6b7b168915f2; Tue, 08 Aug 2023 15:22:27 +0200 (CEST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 034282031B; Tue, 8 Aug 2023 13:22:27 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id C7F1A139D1; Tue, 8 Aug 2023 13:22:26 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id CO8JL5JB0mSPFAAAMHmgww (envelope-from ); Tue, 08 Aug 2023 13:22:26 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9e6214ea-35ee-11ee-b280-6b7b168915f2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1691500947; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=frP7fLjhFOfOILeVRX9wP4pxrjeCRuK4+ypxOEXe4Qk=; b=DkzjRWwhBNVPOzGTKjT26u3UZeKnxC4cW3qeB3ONufmx0e62k6RuTHRsAk4nGQabXrEwA6 K0jeokb7VtAWRJtLkEPEG9XKDWCXiGXYmLW+NSSsHKgNwavvdSQO+FMcCFo8Kw4LLXiBFY m+tsdBxNEgIgrJOOXf+SfZoN0rAb1OM= From: Juergen Gross To: xen-devel@lists.xenproject.org Cc: Juergen Gross , Wei Liu , Anthony PERARD Subject: [PATCH v2 1/3] tools: add configure option for disabling pygrub Date: Tue, 8 Aug 2023 15:22:17 +0200 Message-Id: <20230808132219.6422-2-jgross@suse.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230808132219.6422-1-jgross@suse.com> References: <20230808132219.6422-1-jgross@suse.com> MIME-Version: 1.0 Add a "--disable-pygrub" option for being able to disable the build and installation of pygrub. There are two main reasons to do so: - A main reason to use pygrub is to allow a PV guest to choose its bitness (32- or 64-bit). Pygrub allows that by looking into the boot image and to start the guest in the correct mode depending on the kernel selected. With 32-bit PV guests being deprecated and the possibility to even build a hypervisor without 32-bit PV support, this use case is gone for at least some configurations. - Pygrub is running in dom0 with root privileges. As it is operating on guest controlled data (the boot image) and taking decisions based on this data, there is a higher security risk. Not being possible to use pygrub is thus a step towards a reduction of attack surface. Default is still to build and install pygrub. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- V2: - better wording regarding security aspects (Andrew Cooper) - add HAVE_PYGRUB to tools/config.h --- config/Tools.mk.in | 1 + tools/Makefile | 2 +- tools/config.h.in | 3 +++ tools/configure | 34 ++++++++++++++++++++++++++++++++++ tools/configure.ac | 5 +++++ 5 files changed, 44 insertions(+), 1 deletion(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index b7cc2961d8..432d7496f1 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -48,6 +48,7 @@ CONFIG_QEMU_XEN := @qemu_xen@ CONFIG_QEMUU_EXTRA_ARGS:= @EXTRA_QEMUU_CONFIGURE_ARGS@ CONFIG_LIBNL := @libnl@ CONFIG_GOLANG := @golang@ +CONFIG_PYGRUB := @pygrub@ CONFIG_SYSTEMD := @systemd@ SYSTEMD_CFLAGS := @SYSTEMD_CFLAGS@ diff --git a/tools/Makefile b/tools/Makefile index 1ff90ddfa0..bbd75ebc1a 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -36,7 +36,7 @@ SUBDIRS-$(CONFIG_X86) += debugger SUBDIRS-$(CONFIG_TESTS) += tests SUBDIRS-y += python -SUBDIRS-y += pygrub +SUBDIRS-$(CONFIG_PYGRUB) += pygrub SUBDIRS-$(OCAML_TOOLS) += ocaml ifeq ($(CONFIG_RUMP),y) diff --git a/tools/config.h.in b/tools/config.h.in index 3071cb3998..eacf1438d8 100644 --- a/tools/config.h.in +++ b/tools/config.h.in @@ -45,6 +45,9 @@ /* ROMBIOS enabled */ #undef HAVE_ROMBIOS +/* pygrub enabled */ +#undef HAVE_PYGRUB + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H diff --git a/tools/configure b/tools/configure index 52b4717d01..44ec7a6477 100755 --- a/tools/configure +++ b/tools/configure @@ -707,6 +707,7 @@ AS86 ipxe qemu_traditional LINUX_BACKEND_MODULES +pygrub golang seabios ovmf @@ -811,6 +812,7 @@ enable_xsmpolicy enable_ovmf enable_seabios enable_golang +enable_pygrub with_linux_backend_modules enable_qemu_traditional enable_ipxe @@ -1498,6 +1500,7 @@ Optional Features: --enable-ovmf Enable OVMF (default is DISABLED) --disable-seabios Disable SeaBIOS (default is ENABLED) --disable-golang Disable Go tools (default is ENABLED) + --disable-pygrub Disable pygrub (default is ENABLED) --enable-qemu-traditional Enable qemu traditional device model, (DEFAULT is off) @@ -4287,6 +4290,29 @@ golang=$ax_cv_golang +# Check whether --enable-pygrub was given. +if test "${enable_pygrub+set}" = set; then : + enableval=$enable_pygrub; +fi + + +if test "x$enable_pygrub" = "xno"; then : + + ax_cv_pygrub="n" + +elif test "x$enable_pygrub" = "xyes"; then : + + ax_cv_pygrub="y" + +elif test -z $ax_cv_pygrub; then : + + ax_cv_pygrub="y" + +fi +pygrub=$ax_cv_pygrub + + + # Check whether --with-linux-backend-modules was given. if test "${with_linux_backend_modules+set}" = set; then : @@ -4595,6 +4621,14 @@ else fi +if test "x$pygrub" = "xy"; then : + + +$as_echo "#define HAVE_PYGRUB 1" >>confdefs.h + + +fi + # Check whether --with-system-qemu was given. if test "${with_system_qemu+set}" = set; then : diff --git a/tools/configure.ac b/tools/configure.ac index 3cccf41960..0d1c8f9fa3 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -89,6 +89,7 @@ AX_ARG_DEFAULT_ENABLE([xsmpolicy], [Disable XSM policy compilation]) AX_ARG_DEFAULT_DISABLE([ovmf], [Enable OVMF]) AX_ARG_DEFAULT_ENABLE([seabios], [Disable SeaBIOS]) AX_ARG_DEFAULT_ENABLE([golang], [Disable Go tools]) +AX_ARG_DEFAULT_ENABLE([pygrub], [Disable pygrub]) AC_ARG_WITH([linux-backend-modules], AS_HELP_STRING([--with-linux-backend-modules="mod1 mod2"], @@ -184,6 +185,10 @@ AS_IF([test "x$enable_rombios" = "xyes"], [ ]) AC_SUBST(rombios) +AS_IF([test "x$pygrub" = "xy"], [ + AC_DEFINE([HAVE_PYGRUB], [1], [pygrub enabled]) +]) + AC_ARG_WITH([system-qemu], AS_HELP_STRING([--with-system-qemu@<:@=PATH@:>@], [Use system supplied qemu PATH or qemu (taken from $PATH) as qemu-xen From patchwork Tue Aug 8 13:22:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?= X-Patchwork-Id: 13346042 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BE8EBC001DF for ; Tue, 8 Aug 2023 13:22:46 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.579859.908045 (Exim 4.92) (envelope-from ) id 1qTMfW-0004ha-FF; Tue, 08 Aug 2023 13:22:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 579859.908045; Tue, 08 Aug 2023 13:22:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfW-0004hR-BN; Tue, 08 Aug 2023 13:22:38 +0000 Received: by outflank-mailman (input) for mailman id 579859; Tue, 08 Aug 2023 13:22:36 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfU-0004aK-Kk for xen-devel@lists.xenproject.org; Tue, 08 Aug 2023 13:22:36 +0000 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a1c3ee17-35ee-11ee-8613-37d641c3527e; Tue, 08 Aug 2023 15:22:32 +0200 (CEST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id A63EA21A5E; Tue, 8 Aug 2023 13:22:32 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 779E9139D1; Tue, 8 Aug 2023 13:22:32 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id ggiOG5hB0mSfFAAAMHmgww (envelope-from ); Tue, 08 Aug 2023 13:22:32 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a1c3ee17-35ee-11ee-8613-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1691500952; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4ILsXfNsar6elu7aqIAUAvhq1elG/GdFUcYJ19l5rS0=; b=AaCQvnaiM3b2x6iwqJnm4VweB8u7YWAeBB0v4sssntQQZZlOaRbp3c/BijWSZtH6Bfpxyt sMX6KtAefjUEUQC9U8RCboCDtfOJp1eMdJhU2d8yN+WEYAnL4YN9QGNYl07k34OV8qkXtR gHN7qfkIjyER/HwmP7KDpokgG5cbok4= From: Juergen Gross To: xen-devel@lists.xenproject.org Cc: Juergen Gross , Wei Liu , Anthony PERARD Subject: [PATCH v2 2/3] tools: add configure option for libfsimage Date: Tue, 8 Aug 2023 15:22:18 +0200 Message-Id: <20230808132219.6422-3-jgross@suse.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230808132219.6422-1-jgross@suse.com> References: <20230808132219.6422-1-jgross@suse.com> MIME-Version: 1.0 The only in-tree user of libfsimage is pygrub. Now that it is possible to disable the build of pygrub, the same should be possible for libfsimage. Add an option for controlling the build of libfsimage. The default is on if pygrub is being built, and off if it isn't. Without pygrub the build of libfsimage can be enabled via --enable-libfsimage. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD --- V2: - add check for pygrub enabled and libfsimage disabled (Andrew Cooper) --- config/Tools.mk.in | 1 + tools/Makefile | 2 +- tools/configure | 40 ++++++++++++++++++++++++++++++++++++++++ tools/configure.ac | 21 +++++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index 432d7496f1..b54ab21f96 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -49,6 +49,7 @@ CONFIG_QEMUU_EXTRA_ARGS:= @EXTRA_QEMUU_CONFIGURE_ARGS@ CONFIG_LIBNL := @libnl@ CONFIG_GOLANG := @golang@ CONFIG_PYGRUB := @pygrub@ +CONFIG_LIBFSIMAGE := @libfsimage@ CONFIG_SYSTEMD := @systemd@ SYSTEMD_CFLAGS := @SYSTEMD_CFLAGS@ diff --git a/tools/Makefile b/tools/Makefile index bbd75ebc1a..311a9098d7 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -18,7 +18,7 @@ SUBDIRS-$(CONFIG_X86) += firmware SUBDIRS-y += console SUBDIRS-y += xenmon SUBDIRS-$(XENSTAT_XENTOP) += xentop -SUBDIRS-y += libfsimage +SUBDIRS-$(CONFIG_LIBFSIMAGE) += libfsimage SUBDIRS-$(CONFIG_Linux) += vchan # do not recurse in to a dir we are about to delete diff --git a/tools/configure b/tools/configure index 44ec7a6477..ed4eb64568 100755 --- a/tools/configure +++ b/tools/configure @@ -700,6 +700,7 @@ EXTRA_QEMUU_CONFIGURE_ARGS qemu_xen_systemd qemu_xen_path qemu_xen +libfsimage rombios BCC LD86 @@ -818,6 +819,7 @@ enable_qemu_traditional enable_ipxe with_system_ipxe enable_rombios +enable_libfsimage with_system_qemu with_stubdom_qmp_proxy with_system_seabios @@ -1508,6 +1510,8 @@ Optional Features: --with-system-ipxe) --enable-rombios Enable ROMBIOS, (DEFAULT is on if qemu-traditional or ipxe is enabled, otherwise off) + --enable-libfsimage Enable libfsimage, (DEFAULT is on if pygrub is + enabled, otherwise off) --enable-systemd Enable systemd support (default is DISABLED) --enable-9pfs Explicitly enable 9pfs support in QEMU build (default is to defer to QEMU configure default) @@ -4629,6 +4633,42 @@ $as_echo "#define HAVE_PYGRUB 1" >>confdefs.h fi +# Check whether --enable-libfsimage was given. +if test "${enable_libfsimage+set}" = set; then : + enableval=$enable_libfsimage; +else + + if test "x$pygrub" = "xn"; then : + + enable_libfsimage="no" + +else + + enable_libfsimage="yes" + +fi + +fi + +if test "x$enable_libfsimage" = "xyes"; then : + + libfsimage=y + +else + + if test "x$pygrub" = "xy"; then : + + as_fn_error $? "pygrub needs libfsimage" "$LINENO" 5 + +else + + libfsimage=n + +fi + +fi + + # Check whether --with-system-qemu was given. if test "${with_system_qemu+set}" = set; then : diff --git a/tools/configure.ac b/tools/configure.ac index 0d1c8f9fa3..618ef8c63f 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -189,6 +189,27 @@ AS_IF([test "x$pygrub" = "xy"], [ AC_DEFINE([HAVE_PYGRUB], [1], [pygrub enabled]) ]) +AC_ARG_ENABLE([libfsimage], + AS_HELP_STRING([--enable-libfsimage], + [Enable libfsimage, (DEFAULT is on if pygrub is enabled, + otherwise off)]),,[ + AS_IF([test "x$pygrub" = "xn"], [ + enable_libfsimage="no" + ], [ + enable_libfsimage="yes" + ]) +]) +AS_IF([test "x$enable_libfsimage" = "xyes"], [ + libfsimage=y +], [ + AS_IF([test "x$pygrub" = "xy"], [ + AC_MSG_ERROR([pygrub needs libfsimage]) + ], [ + libfsimage=n + ]) +]) +AC_SUBST(libfsimage) + AC_ARG_WITH([system-qemu], AS_HELP_STRING([--with-system-qemu@<:@=PATH@:>@], [Use system supplied qemu PATH or qemu (taken from $PATH) as qemu-xen From patchwork Tue Aug 8 13:22:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?= X-Patchwork-Id: 13346043 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E2400C001B0 for ; Tue, 8 Aug 2023 13:22:49 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.579860.908055 (Exim 4.92) (envelope-from ) id 1qTMfX-000510-Px; Tue, 08 Aug 2023 13:22:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 579860.908055; Tue, 08 Aug 2023 13:22:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfX-00050s-Lr; Tue, 08 Aug 2023 13:22:39 +0000 Received: by outflank-mailman (input) for mailman id 579860; Tue, 08 Aug 2023 13:22:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qTMfX-0003ij-3a for xen-devel@lists.xenproject.org; Tue, 08 Aug 2023 13:22:39 +0000 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a5282306-35ee-11ee-b280-6b7b168915f2; Tue, 08 Aug 2023 15:22:38 +0200 (CEST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 5B39821CC5; Tue, 8 Aug 2023 13:22:38 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 23510139D1; Tue, 8 Aug 2023 13:22:38 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id nhv0Bp5B0mSqFAAAMHmgww (envelope-from ); Tue, 08 Aug 2023 13:22:38 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a5282306-35ee-11ee-b280-6b7b168915f2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1691500958; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K/AHDp091ry1sq7bDUAxHTIgZCYOG8/+0FTmesY5Vjg=; b=bWr3s96eU9z2EIZ5poVBpHPjBxsT1bl4L75UlatOE7GePtIEBAN/IdNR7Y4awTLjIjP2jG iPC/lSTST3X8whr7mx/habJlmb9N6ljaMNFgIMRS6QH/c4wKlPaRTZucEoVnIb4c4bEsik yCHTGz0gx/Ecv18DebFLC/hhRKbfo2A= From: Juergen Gross To: xen-devel@lists.xenproject.org Cc: Juergen Gross , Wei Liu , Anthony PERARD , Andrew Cooper Subject: [PATCH v2 3/3] tools/xl: reject bootloader=pygrub in case pygrub is disabled Date: Tue, 8 Aug 2023 15:22:19 +0200 Message-Id: <20230808132219.6422-4-jgross@suse.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230808132219.6422-1-jgross@suse.com> References: <20230808132219.6422-1-jgross@suse.com> MIME-Version: 1.0 In case Xen has been configured with "--disable-pygrub", don't accept the domain config option "bootloader=pygrub". Suggested-by: Andrew Cooper Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- V2: - new patch --- tools/xl/xl_parse.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 1a5556d3bb..0e8c604bbf 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -1692,6 +1692,15 @@ void parse_config_data(const char *config_source, xlu_cfg_get_defbool(config, "acpi", &b_info->acpi, 0); xlu_cfg_replace_string (config, "bootloader", &b_info->bootloader, 0); +#ifndef HAVE_PYGRUB + if (b_info->bootloader && + (!strcmp(b_info->bootloader, "pygrub") || + !strcmp(b_info->bootloader, "/usr/bin/pygrub"))) { + fprintf(stderr, "ERROR: this instance of Xen has been built without support of \"pygrub\".\n"); + exit(-ERROR_FAIL); + } +#endif + switch (xlu_cfg_get_list_as_string_list(config, "bootloader_args", &b_info->bootloader_args, 1)) { case 0: