|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
From b1e5a89f19d9919c3eae17ab9c6a663b0801ad9c Mon Sep 17 00:00:00 2001
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
From: Julien Grall <jgrall@amazon.com>
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Date: Mon, 17 May 2021 17:47:13 +0100
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Subject: [PATCH 1/2] xen/arm: Create dom0less domUs earlier
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
In a follow-up patch we will need to unallocate the boot modules
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
before heap_init_late() is called.
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
The modules will contain the domUs kernel and initramfs. Therefore Xen
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
will need to create extra domUs (used by dom0less) before heap_init_late().
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
This has two consequences on dom0less:
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
1) Domains will not be unpaused as soon as they are created but
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
once all have been created. However, Xen doesn't guarantee an order
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
to unpause, so this is not something one could rely on.
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
2) The memory allocated for a domU will not be scrubbed anymore when an
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
admin select bootscrub=on. This is not something we advertised, but if
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
this is a concern we can introduce either force scrub for all domUs or
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
a per-domain flag in the DT. The behavior for bootscrub=off and
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
bootscrub=idle (default) has not changed.
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
This is part of XSA-372 / CVE-2021-28693.
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Signed-off-by: Julien Grall <jgrall@amazon.com>
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
---
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
xen/arch/arm/domain_build.c | 2 --
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
xen/arch/arm/setup.c | 11 ++++++-----
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
2 files changed, 6 insertions(+), 7 deletions(-)
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
index 374bf655ee34..4203ddcca0e3 100644
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
--- a/xen/arch/arm/domain_build.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+++ b/xen/arch/arm/domain_build.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
@@ -2515,8 +2515,6 @@ void __init create_domUs(void)
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
if ( construct_domU(d, node) != 0 )
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
panic("Could not set up domain %s\n", dt_node_name(node));
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
-
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
- domain_unpause_by_systemcontroller(d);
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
}
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
}
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
index 2532ec973913..441e0e16e9f0 100644
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
--- a/xen/arch/arm/setup.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+++ b/xen/arch/arm/setup.c
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
@@ -804,7 +804,7 @@ void __init start_xen(unsigned long boot_phys_offset,
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
int cpus, i;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
const char *cmdline;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
struct bootmodule *xen_bootmodule;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
- struct domain *dom0;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+ struct domain *dom0, *d;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
struct xen_domctl_createdomain dom0_cfg = {
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
.flags = XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap,
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
.max_evtchn_port = -1,
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
@@ -987,6 +987,9 @@ void __init start_xen(unsigned long boot_phys_offset,
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
if ( construct_dom0(dom0) != 0)
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
panic("Could not set up DOM0 guest OS\n");
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+ if ( acpi_disabled )
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+ create_domUs();
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
heap_init_late();
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
init_trace_bufs();
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
@@ -1000,10 +1003,8 @@ void __init start_xen(unsigned long boot_phys_offset,
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
system_state = SYS_STATE_active;
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
- if ( acpi_disabled )
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
- create_domUs();
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
-
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
- domain_unpause_by_systemcontroller(dom0);
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+ for_each_domain( d )
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
+ domain_unpause_by_systemcontroller(d);
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
/* Switch on to the dynamically allocated stack for the idle vcpu
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
* since the static one we're running on is about to be freed. */
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
--
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
2.17.1
|
|
![](https://seccdn.libravatar.org/avatar/f1a0ddfc363b14e167bf8548e95f340032d1964ae5b6ea4f235e351fd948008e?s=16&d=retro) |
84f0fa5 |
|