From: Jan Beulich Date: Wed, 11 May 2016 07:46:02 +0000 (+0200) Subject: XSA-77: widen scope again X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~1132 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=5590bd17c474b3cff4a86216b17349a3045f6158;p=xen.git XSA-77: widen scope again As discussed on the hackathon, avoid us having to issue security advisories for issues affecting only heavily disaggregated tool stack setups, which no-one appears to use (or else they should step up to get things into shape). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 00a2b132d9..d3015ca14e 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt 
@@ -59,68 +59,18 @@ http://www.xenproject.org/security-policy.html. __HYPERVISOR_domctl (xen/include/public/domctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. + All subops except the following are covered by this statement. (That + is, only the subops below are considered safe for disaggregation.) - * XEN_DOMCTL_createdomain - * XEN_DOMCTL_destroydomain - * XEN_DOMCTL_getmemlist - * XEN_DOMCTL_setvcpuaffinity - * XEN_DOMCTL_shadow_op - * XEN_DOMCTL_max_mem - * XEN_DOMCTL_setvcpucontext - * XEN_DOMCTL_getvcpucontext - * XEN_DOMCTL_max_vcpus - * XEN_DOMCTL_scheduler_op - * XEN_DOMCTL_iomem_permission - * XEN_DOMCTL_gethvmcontext - * XEN_DOMCTL_sethvmcontext - * XEN_DOMCTL_set_address_size - * XEN_DOMCTL_assign_device - * XEN_DOMCTL_pin_mem_cacheattr - * XEN_DOMCTL_set_ext_vcpucontext - * XEN_DOMCTL_get_ext_vcpucontext - * XEN_DOMCTL_test_assign_device - * XEN_DOMCTL_set_target - * XEN_DOMCTL_deassign_device - * XEN_DOMCTL_get_device_group - * XEN_DOMCTL_set_machine_address_size - * XEN_DOMCTL_debug_op - * XEN_DOMCTL_gethvmcontext_partial - * XEN_DOMCTL_vm_event_op - * XEN_DOMCTL_mem_sharing_op - * XEN_DOMCTL_setvcpuextstate - * XEN_DOMCTL_getvcpuextstate - * XEN_DOMCTL_set_access_required - * XEN_DOMCTL_set_virq_handler - * XEN_DOMCTL_set_broken_page_p2m - * XEN_DOMCTL_setnodeaffinity - * XEN_DOMCTL_gdbsx_guestmemio + * XEN_DOMCTL_ioport_mapping + * XEN_DOMCTL_memory_mapping + * XEN_DOMCTL_bind_pt_irq + * XEN_DOMCTL_unbind_pt_irq __HYPERVISOR_sysctl (xen/include/public/sysctl.h) - The following subops are covered by this statement. subops not listed - here are considered safe for disaggregation. 
- - * XEN_SYSCTL_readconsole - * XEN_SYSCTL_tbuf_op - * XEN_SYSCTL_physinfo - * XEN_SYSCTL_sched_id - * XEN_SYSCTL_perfc_op - * XEN_SYSCTL_getdomaininfolist - * XEN_SYSCTL_debug_keys - * XEN_SYSCTL_getcpuinfo - * XEN_SYSCTL_availheap - * XEN_SYSCTL_get_pmstat - * XEN_SYSCTL_cpu_hotplug - * XEN_SYSCTL_pm_op - * XEN_SYSCTL_page_offline_op - * XEN_SYSCTL_lockprof_op - * XEN_SYSCTL_cputopoinfo - * XEN_SYSCTL_numainfo - * XEN_SYSCTL_cpupool_op - * XEN_SYSCTL_scheduler_op - * XEN_SYSCTL_coverage_op + All subops are covered by this statement. (That is, no subops are + considered safe for disaggregation.) __HYPERVISOR_memory_op (xen/include/public/memory.h)
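Review bot: In the __HYPERVISOR_domctl and __HYPERVISOR_sysctl paragraphs, the switch from "The following subops are covered" to "All subops except the following are covered" silently changes the status of every subop that was in neither the old list nor the new one, and neither the new text nor the commit message names them. Under the old wording such subops were "considered safe for disaggregation"; under the new wording only XEN_DOMCTL_ioport_mapping, XEN_DOMCTL_memory_mapping, XEN_DOMCTL_bind_pt_irq and XEN_DOMCTL_unbind_pt_irq are, and no sysctl is. It would help to state in the commit message whether any subop actually moves from safe to covered, so that anyone running a disaggregated toolstack can tell what they lose. I would also add one sentence to each paragraph making the new default explicit, for example that a subop added to domctl.h or sysctl.h later is covered by this statement unless it is added to the exception list, since the point of the inversion is that omissions now fail closed. Minor: the two parentheticals explain "covered" only by negation ("no subops are considered safe"); a reader landing on this section has to scroll up to learn what being covered means for security advisories, so a short back-reference to the statement above would make the lists self-explanatory.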