xenbits.xensource.com Git - xen.git/commit

author	Julien Grall <jgrall@amazon.com>
	Mon, 17 May 2021 16:47:13 +0000 (17:47 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 8 Jun 2021 16:43:06 +0000 (17:43 +0100)
commit	371347c5b64da699d9f5a0edda5dc496fd2b7a5c
tree	a20659bcf86703a19d1f42d68e0a1ee02b9df5cb	tree
parent	0ba0663b1b32d9351890dfd02bdebb3d238897bd	commit \| diff

xen/arm: Create dom0less domUs earlier

In a follow-up patch we will need to unallocate the boot modules
before heap_init_late() is called.

The modules will contain the domUs kernel and initramfs. Therefore Xen
will need to create extra domUs (used by dom0less) before heap_init_late().

This has two consequences on dom0less:
    1) Domains will not be unpaused as soon as they are created but
    once all have been created. However, Xen doesn't guarantee an order
    to unpause, so this is not something one could rely on.

    2) The memory allocated for a domU will not be scrubbed anymore when an
    admin select bootscrub=on. This is not something we advertised, but if
    this is a concern we can introduce either force scrub for all domUs or
    a per-domain flag in the DT. The behavior for bootscrub=off and
    bootscrub=idle (default) has not changed.

This is part of XSA-372 / CVE-2021-28693.

Signed-off-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>

xen/arch/arm/domain_build.c		diff \| blob \| blame \| history
xen/arch/arm/setup.c		diff \| blob \| blame \| history
xen/include/asm-arm/setup.h		diff \| blob \| blame \| history