From ad5d0db5e68e5d4e79255fa85d9cb0069bb1c5d5 Mon Sep 17 00:00:00 2001
From: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Date: Mon, 25 Sep 2023 18:32:21 +0100
Subject: [PATCH 05/11] tools/pygrub: Remove unnecessary hypercall

There's a hypercall being issued in order to determine whether PV64 is
supported, but since Xen 4.3 that's strictly true so it's not required.

Plus, this way we can avoid mapping the privcmd interface altogether in the
depriv pygrub.

This is part of XSA-443 / CVE-2023-34325

Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/pygrub/src/pygrub | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index ce7ab0eb8cf3..ce4e07d3e823 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -18,7 +18,6 @@ import os, sys, string, struct, tempfile, re, traceback, stat, errno
 import copy
 import logging
 import platform
-import xen.lowlevel.xc
 
 import curses, _curses, curses.textpad, curses.ascii
 import getopt
@@ -668,14 +667,6 @@ def run_grub(file, entry, fs, cfg_args):
 
     return grubcfg
 
-def supports64bitPVguest():
-    xc = xen.lowlevel.xc.xc()
-    caps = xc.xeninfo()['xen_caps'].split(" ")
-    for cap in caps:
-        if cap == "xen-3.0-x86_64":
-            return True
-    return False
-
 # If nothing has been specified, look for a Solaris domU. If found, perform the
 # necessary tweaks.
 def sniff_solaris(fs, cfg):
@@ -684,8 +675,7 @@ def sniff_solaris(fs, cfg):
         return cfg
 
     if not cfg["kernel"]:
-        if supports64bitPVguest() and \
-          fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+        if fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
             cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
             cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
         elif fs.file_exists("/platform/i86xpv/kernel/unix"):
-- 
2.42.0