From: Juergen Gross
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Wei Liu, Anthony PERARD
Subject: [PATCH 1/2] tools: add configure option for disabling pygrub
Date: Fri, 4 Aug 2023 07:59:59 +0200
Message-Id: <20230804060000.27710-2-jgross@suse.com>
In-Reply-To: <20230804060000.27710-1-jgross@suse.com>
References: <20230804060000.27710-1-jgross@suse.com>

Add a "--disable-pygrub" option for being able to disable the build and installation of pygrub.

There are two main reasons to do so:

- A main reason to use pygrub is to allow a PV guest to choose its bitness (32- or 64-bit). Pygrub allows that by looking into the boot image and to start the guest in the correct mode depending on the kernel selected. With 32-bit PV guests being deprecated and the possibility to even build a hypervisor without 32-bit PV support, this use case is gone for at least some configurations.
- Pygrub is running in dom0 with root privileges. As it is operating on guest controlled data (the boot image) and taking decisions based on this data, there is a possible security issue. Not being possible to use pygrub is thus a step towards more security.

Default is still to build and install pygrub.

Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- config/Tools.mk.in | 1 + tools/Makefile | 2 +- tools/configure | 26 ++++++++++++++++++++++++++ tools/configure.ac | 1 + 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index b7cc2961d8..432d7496f1 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -48,6 +48,7 @@ CONFIG_QEMU_XEN :=3D @qemu_xen@ CONFIG_QEMUU_EXTRA_ARGS:=3D @EXTRA_QEMUU_CONFIGURE_ARGS@ CONFIG_LIBNL :=3D @libnl@ CONFIG_GOLANG :=3D @golang@ +CONFIG_PYGRUB :=3D @pygrub@ =20 CONFIG_SYSTEMD :=3D @systemd@ SYSTEMD_CFLAGS :=3D @SYSTEMD_CFLAGS@ diff --git a/tools/Makefile b/tools/Makefile index 1ff90ddfa0..bbd75ebc1a 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -36,7 +36,7 @@ SUBDIRS-$(CONFIG_X86) +=3D debugger SUBDIRS-$(CONFIG_TESTS) +=3D tests =20 SUBDIRS-y +=3D python -SUBDIRS-y +=3D pygrub +SUBDIRS-$(CONFIG_PYGRUB) +=3D pygrub SUBDIRS-$(OCAML_TOOLS) +=3D ocaml =20 ifeq ($(CONFIG_RUMP),y) diff --git a/tools/configure b/tools/configure index 52b4717d01..130e0d9abf 100755 --- a/tools/configure +++ b/tools/configure @@ -707,6 +707,7 @@ AS86 ipxe qemu_traditional LINUX_BACKEND_MODULES +pygrub golang seabios ovmf @@ -811,6 +812,7 @@ enable_xsmpolicy enable_ovmf enable_seabios enable_golang +enable_pygrub with_linux_backend_modules enable_qemu_traditional enable_ipxe @@ -1498,6 +1500,7 @@ Optional Features: --enable-ovmf Enable OVMF (default is DISABLED) --disable-seabios Disable SeaBIOS (default is ENABLED) --disable-golang Disable Go tools (default is ENABLED) + --disable-pygrub Disable pygrub (default is ENABLED) --enable-qemu-traditional Enable qemu traditional device model, (DEFAULT is off) 
@@ -4287,6 +4290,29 @@ golang=3D$ax_cv_golang =20 =20 =20 +# Check whether --enable-pygrub was given. +if test "${enable_pygrub+set}" =3D set; then : + enableval=3D$enable_pygrub; +fi + + +if test "x$enable_pygrub" =3D "xno"; then : + + ax_cv_pygrub=3D"n" + +elif test "x$enable_pygrub" =3D "xyes"; then : + + ax_cv_pygrub=3D"y" + +elif test -z $ax_cv_pygrub; then : + + ax_cv_pygrub=3D"y" + +fi +pygrub=3D$ax_cv_pygrub + + + =20 # Check whether --with-linux-backend-modules was given. if test "${with_linux_backend_modules+set}" =3D set; then : diff --git a/tools/configure.ac b/tools/configure.ac index 3cccf41960..9947bcefc6 100644 --- a/tools/configure.ac +++ b/tools/configure.ac 
@@ -89,6 +89,7 @@ AX_ARG_DEFAULT_ENABLE([xsmpolicy], [Disable XSM policy co= mpilation]) AX_ARG_DEFAULT_DISABLE([ovmf], [Enable OVMF]) AX_ARG_DEFAULT_ENABLE([seabios], [Disable SeaBIOS]) AX_ARG_DEFAULT_ENABLE([golang], [Disable Go tools]) +AX_ARG_DEFAULT_ENABLE([pygrub], [Disable pygrub]) =20 AC_ARG_WITH([linux-backend-modules], AS_HELP_STRING([--with-linux-backend-modules=3D"mod1 mod2"], --=20 2.35.3
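
Review bot: In [PATCH 1/2], the tools/Makefile hunk makes `SUBDIRS-$(CONFIG_PYGRUB) += pygrub` the only consumer of the new variable, and the diffstat lists build files only, so nothing tells an administrator what the option does for an already-provisioned dom0. Because the commit message gives the root-privileged parsing of guest-controlled boot images as a reason, please add a short documentation or changelog entry for --disable-pygrub and state there that it only skips build and installation: a pygrub left by an earlier install is not removed by this change and would still need to be deleted for the hardening to take effect.
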

From: Juergen Gross
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Wei Liu, Anthony PERARD
Subject: [PATCH 2/2] tools: add configure option for libfsimage
Date: Fri, 4 Aug 2023 08:00:00 +0200
Message-Id: <20230804060000.27710-3-jgross@suse.com>
In-Reply-To: <20230804060000.27710-1-jgross@suse.com>
References: <20230804060000.27710-1-jgross@suse.com>

The only in-tree user of libfsimage is pygrub. Now that it is possible to disable the build of pygrub, the same should be possible for libfsimage.

Add an option for controlling the build of libfsimage. The default is on if pygrub is being built, and off if it isn't. Without pygrub the build of libfsimage can be enabled via --enable-libfsimage.

Signed-off-by: Juergen Gross --- config/Tools.mk.in | 1 + tools/Makefile | 2 +- tools/configure | 28 ++++++++++++++++++++++++++++ tools/configure.ac | 13 +++++++++++++ 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index 432d7496f1..b54ab21f96 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -49,6 +49,7 @@ CONFIG_QEMUU_EXTRA_ARGS:=3D @EXTRA_QEMUU_CONFIGURE_ARGS@ CONFIG_LIBNL :=3D @libnl@ CONFIG_GOLANG :=3D @golang@ CONFIG_PYGRUB :=3D @pygrub@ +CONFIG_LIBFSIMAGE :=3D @libfsimage@ =20 CONFIG_SYSTEMD :=3D @systemd@ SYSTEMD_CFLAGS :=3D @SYSTEMD_CFLAGS@ diff --git a/tools/Makefile b/tools/Makefile index bbd75ebc1a..311a9098d7 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -18,7 +18,7 @@ SUBDIRS-$(CONFIG_X86) +=3D firmware SUBDIRS-y +=3D console SUBDIRS-y +=3D xenmon SUBDIRS-$(XENSTAT_XENTOP) +=3D xentop -SUBDIRS-y +=3D libfsimage +SUBDIRS-$(CONFIG_LIBFSIMAGE) +=3D libfsimage SUBDIRS-$(CONFIG_Linux) +=3D vchan =20 # do not recurse in to a dir we are about to delete diff --git a/tools/configure b/tools/configure index 130e0d9abf..60dca366ca 100755 --- a/tools/configure +++ b/tools/configure @@ -700,6 +700,7 @@ EXTRA_QEMUU_CONFIGURE_ARGS qemu_xen_systemd qemu_xen_path qemu_xen +libfsimage rombios BCC LD86 @@ -818,6 +819,7 @@ enable_qemu_traditional enable_ipxe with_system_ipxe enable_rombios +enable_libfsimage with_system_qemu with_stubdom_qmp_proxy with_system_seabios @@ -1508,6 +1510,8 @@ Optional Features: --with-system-ipxe) --enable-rombios Enable ROMBIOS, (DEFAULT is on if qemu-tradition= al or ipxe is enabled, otherwise off) + --enable-libfsimage Enable libfsimage, (DEFAULT is on if pygrub is + enabled, otherwise off) --enable-systemd Enable systemd support (default is DISABLED) --enable-9pfs Explicitly enable 9pfs support in QEMU build (default is to defer to QEMU configure default) 
@@ -4621,6 +4625,30 @@ else fi =20 =20 +# Check whether --enable-libfsimage was given. +if test "${enable_libfsimage+set}" =3D set; then : + enableval=3D$enable_libfsimage; +else + + if test "x$enable_pygrub" =3D "xno"; then : + + enable_libfsimage=3D"no" + +else + + enable_libfsimage=3D"yes" + +fi + +fi + +if test "x$enable_libfsimage" =3D "xyes"; then : + libfsimage=3Dy +else + libfsimage=3Dn +fi + + =20 # Check whether --with-system-qemu was given. if test "${with_system_qemu+set}" =3D set; then : diff --git a/tools/configure.ac b/tools/configure.ac index 9947bcefc6..aea24eb982 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -185,6 +185,19 @@ AS_IF([test "x$enable_rombios" =3D "xyes"], [ ]) AC_SUBST(rombios) =20 +AC_ARG_ENABLE([libfsimage], + AS_HELP_STRING([--enable-libfsimage], + [Enable libfsimage, (DEFAULT is on if pygrub is enabled, + otherwise off)]),,[ + AS_IF([test "x$enable_pygrub" =3D "xno"], [ + enable_libfsimage=3D"no" + ], [ + enable_libfsimage=3D"yes" + ]) +]) +AS_IF([test "x$enable_libfsimage" =3D "xyes"], [libfsimage=3Dy], [libfsima= ge=3Dn]) +AC_SUBST(libfsimage) + AC_ARG_WITH([system-qemu], AS_HELP_STRING([--with-system-qemu@<:@=3DPATH@:>@], [Use system supplied qemu PATH or qemu (taken from $PATH) as qemu-x= en --=20 2.35.3
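
Review bot: In [PATCH 2/2], the configure.ac hunk at @@ -185,6 +185,19 @@ accepts --disable-libfsimage while pygrub is still enabled, although the commit message names pygrub as the only in-tree user of libfsimage. Only the default depends on `$enable_pygrub`; an explicit --disable-libfsimage is taken as given, so `SUBDIRS-$(CONFIG_PYGRUB) += pygrub` is still descended into without libfsimage having been built. Consider failing in configure for that combination with AC_MSG_ERROR (or forcing libfsimage on with a warning) so the contradiction is reported up front rather than being left to the pygrub build.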
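
Review bot: In [PATCH 2/2], the default in the tools/configure hunk at @@ -4621,6 +4625,30 @@ (generated from the configure.ac change) tests the raw command-line value `$enable_pygrub`, not the result the pygrub check computes. Patch 1 derives `pygrub=$ax_cv_pygrub` and only assigns the default when `$ax_cv_pygrub` is empty, so a preset `ax_cv_pygrub=n` with no --disable-pygrub on the command line gives pygrub=n while libfsimage still defaults to yes. Testing `"x$pygrub" = "xn"` in configure.ac would keep the two options consistent.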