From b1119ca5b2b12d67f2204a3f110a80bc0d7485cb Mon Sep 17 00:00:00 2001
From: Roger Pau Monne <roger.pau@citrix.com>
Date: Thu, 30 Jun 2022 14:35:35 +0200
Subject: [PATCH] tools/libxl: env variable to signal whether disk/nic backend
 is trusted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduce support in libxl for fetching the default backend trusted
option for disk and nic devices.

Users can set libxl_{disk,nic}_backend_untrusted environment variable
to notify libxl of whether the backends for disk and nic devices
should be trusted.  Such information is passed into the frontend so it
can take the appropriate measures.

This is part of XSA-403.

WARNING: this patch will never be applied to the intended
repository/branch because it's only for stable branches in order to
avoid breaking the libxl ABI.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 tools/libs/light/libxl_disk.c | 5 ++++-
 tools/libs/light/libxl_nic.c  | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c
index 9da2b2ed27..ec17ed7297 100644
--- a/tools/libs/light/libxl_disk.c
+++ b/tools/libs/light/libxl_disk.c
@@ -159,7 +159,10 @@ static int libxl__device_disk_setdefault(libxl__gc *gc, uint32_t domid,
     libxl_defbool_setdefault(&disk->discard_enable, !!disk->readwrite);
     libxl_defbool_setdefault(&disk->colo_enable, false);
     libxl_defbool_setdefault(&disk->colo_restore_enable, false);
-    libxl_defbool_setdefault(&disk->trusted, true);
+    if (getenv("libxl_disk_backend_untrusted"))
+        libxl_defbool_setdefault(&disk->trusted, false);
+    else
+        libxl_defbool_setdefault(&disk->trusted, true);
 
     rc = libxl__resolve_domid(gc, disk->backend_domname, &disk->backend_domid);
     if (rc < 0) return rc;
diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c
index d6bf06fc34..19f6ee1cd4 100644
--- a/tools/libs/light/libxl_nic.c
+++ b/tools/libs/light/libxl_nic.c
@@ -116,7 +116,10 @@ static int libxl__device_nic_setdefault(libxl__gc *gc, uint32_t domid,
         abort();
     }
 
-    libxl_defbool_setdefault(&nic->trusted, true);
+    if (getenv("libxl_nic_backend_untrusted"))
+        libxl_defbool_setdefault(&nic->trusted, false);
+    else
+        libxl_defbool_setdefault(&nic->trusted, true);
 
     return rc;
 }
-- 
2.37.0