tools/pygrub: Remove unnecessary hypercall

There's a hypercall being issued in order to determine whether PV64 is
supported, but since Xen 4.3 that's strictly true so it's not required.

Plus, this way we can avoid mapping the privcmd interface altogether in the
depriv pygrub.

This is part of XSA-443 / CVE-2023-34325

Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
(cherry picked from commit f4b504c6170c446e61055cbd388ae4e832a9deca)

diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index ce7ab0eb8cf3c352dfc5ac1726b88cbbf953ff28..ce4e07d3e8232b55f737ab5565ca645374dcbaf4 100755 (executable)
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -18,7 +18,6 @@ import os, sys, string, struct, tempfile, re, traceback, stat, errno
 import copy
 import logging
 import platform
-import xen.lowlevel.xc
 
 import curses, _curses, curses.textpad, curses.ascii
 import getopt
@@ -668,14 +667,6 @@ def run_grub(file, entry, fs, cfg_args):
 
     return grubcfg
 
-def supports64bitPVguest():
-    xc = xen.lowlevel.xc.xc()
-    caps = xc.xeninfo()['xen_caps'].split(" ")
-    for cap in caps:
-        if cap == "xen-3.0-x86_64":
-            return True
-    return False
-
 # If nothing has been specified, look for a Solaris domU. If found, perform the
 # necessary tweaks.
 def sniff_solaris(fs, cfg):
@@ -684,8 +675,7 @@ def sniff_solaris(fs, cfg):
         return cfg
 
     if not cfg["kernel"]:
-        if supports64bitPVguest() and \
-          fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+        if fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
             cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
             cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
         elif fs.file_exists("/platform/i86xpv/kernel/unix"):