From b1e5a89f19d9919c3eae17ab9c6a663b0801ad9c Mon Sep 17 00:00:00 2001
From: Julien Grall
Date: Mon, 17 May 2021 17:47:13 +0100
Subject: [PATCH 1/2] xen/arm: Create dom0less domUs earlier

In a follow-up patch we will need to unallocate the boot modules before heap_init_late() is called. The modules will contain the domUs kernel and initramfs. Therefore Xen will need to create extra domUs (used by dom0less) before heap_init_late(). This has two consequences on dom0less: 1) Domains will not be unpaused as soon as they are created but once all have been created. However, Xen doesn't guarantee an order to unpause, so this is not something one could rely on. 2) The memory allocated for a domU will not be scrubbed anymore when an admin select bootscrub=on. This is not something we advertised, but if this is a concern we can introduce either force scrub for all domUs or a per-domain flag in the DT. The behavior for bootscrub=off and bootscrub=idle (default) has not changed. This is part of XSA-372 / CVE-2021-28693.

Signed-off-by: Julien Grall
Reviewed-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Tested-by: Stefano Stabellini
---
 xen/arch/arm/domain_build.c | 2 --
 xen/arch/arm/setup.c | 11 ++++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 374bf655ee34..4203ddcca0e3 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -2515,8 +2515,6 @@ void __init create_domUs(void)
 if ( construct_domU(d, node) != 0 )
 panic("Could not set up domain %s\n", dt_node_name(node));
-
- domain_unpause_by_systemcontroller(d);
 }
 }
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index 2532ec973913..441e0e16e9f0 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -804,7 +804,7 @@ void __init start_xen(unsigned long boot_phys_offset,
 int cpus, i;
 const char *cmdline;
 struct bootmodule *xen_bootmodule;
- struct domain *dom0;
+ struct domain *dom0, *d;
 struct xen_domctl_createdomain dom0_cfg = {
 .flags = XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap,
 .max_evtchn_port = -1,
@@ -987,6 +987,9 @@ void __init start_xen(unsigned long boot_phys_offset,
 if ( construct_dom0(dom0) != 0)
 panic("Could not set up DOM0 guest OS\n");
+ if ( acpi_disabled )
+ create_domUs();
+
 heap_init_late();
 init_trace_bufs();
@@ -1000,10 +1003,8 @@ void __init start_xen(unsigned long boot_phys_offset,
 system_state = SYS_STATE_active;
- if ( acpi_disabled )
- create_domUs();
-
- domain_unpause_by_systemcontroller(dom0);
+ for_each_domain( d )
+ domain_unpause_by_systemcontroller(d);
 /* Switch on to the dynamically allocated stack for the idle vcpu
 * since the static one we're running on is about to be freed. */
--
2.17.1
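Review bot: The `create_domUs()` call added ahead of `heap_init_late()` in the `@@ -987` hunk carries an ordering requirement that nothing in the code records. The commit message explains that a follow-up patch releases the boot modules (domU kernel and initramfs) before `heap_init_late()`, and that domU memory is no longer scrubbed under bootscrub=on. A comment above the `if ( acpi_disabled )` line, for example `/* Must run before heap_init_late(): domUs are built from boot modules released before it, and their memory is not covered by bootscrub. */`, would stop a later reorder from silently undoing the fix. Because unscrubbed pages can now end up in a guest, the limitation also deserves a line in the bootscrub option's documentation. start_xen() begins and ends outside the hunk.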
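Review bot: The `for_each_domain( d )` loop in the `@@ -1000` hunk walks the domain list without taking `domlist_read_lock`, and it unpauses every domain on the list rather than only the ones start_xen() built. This is presumably safe because nothing else can add or remove a domain this early in boot, but the code does not say so. A comment such as `/* No domain can be created or destroyed yet, so the list is walked without domlist_read_lock; every domain built so far is started here. */` would make the assumption reviewable. It would also flag the loop to anyone who later creates a domain at boot that is meant to stay paused. start_xen() continues past the end of the hunk.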