xenbits.xensource.com Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 29 Jun 2018 16:28:13 +0000 (16:28 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 2 Jul 2018 17:04:20 +0000 (18:04 +0100)
commit	ef765ec9879ad0c7d9fe6cd8a5bb584056f3fea1
tree	d494c6a8a86bfaaa2c18c57fab65edfc04b945d7	tree
parent	c2c0f0db02623d9ad1ca70d1f1d759bb76715e47	commit \| diff

xen: Plumb an is_priv boolean into domain_create()

The current mechanism of setting dom0->is_privileged after construction means
that the is_control_domain() predicate returns false during construction.

In particular, this means that the CPUID Faulting special case in
init_domain_msr_policy() fails to take effect. (In actual fact, faulting
support is advertised to dom0, but attempting to configure it is silently
ignored because of the dom0 special case in ctxt_switch_levelling().)

This could be implemented using a flag in xen_domctl_createdomain, but using
an extra boolean parameter like this means that we can't accidentally allow
domain_create() to create a second dom0 due to parameter mis-auditing.

While adjusting the setting of dom0->is_privileged, drop the redundant zeroing
of dom0->target.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Julien Grall <julien.grall@arm.com>

xen/arch/arm/mm.c		diff \| blob \| blame \| history
xen/arch/arm/setup.c		diff \| blob \| blame \| history
xen/arch/x86/mm.c		diff \| blob \| blame \| history
xen/arch/x86/setup.c		diff \| blob \| blame \| history
xen/common/domain.c		diff \| blob \| blame \| history
xen/common/domctl.c		diff \| blob \| blame \| history
xen/common/schedule.c		diff \| blob \| blame \| history
xen/include/xen/sched.h		diff \| blob \| blame \| history