Diffstat (limited to 'system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch')
-rw-r--r-- | system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch b/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch
new file mode 100644
index 0000000000..a21dba440c
--- /dev/null
+++ b/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch
@@ -0,0 +1,85 @@
+From b1e5a89f19d9919c3eae17ab9c6a663b0801ad9c Mon Sep 17 00:00:00 2001
+From: Julien Grall <jgrall@amazon.com>
+Date: Mon, 17 May 2021 17:47:13 +0100
+Subject: [PATCH 1/2] xen/arm: Create dom0less domUs earlier
+
+In a follow-up patch we will need to unallocate the boot modules
+before heap_init_late() is called.
+
+The modules will contain the domUs kernel and initramfs. Therefore Xen
+will need to create extra domUs (used by dom0less) before heap_init_late().
+
+This has two consequences on dom0less:
+ 1) Domains will not be unpaused as soon as they are created but
+ once all have been created. However, Xen doesn't guarantee an order
+ to unpause, so this is not something one could rely on.
+
+ 2) The memory allocated for a domU will not be scrubbed anymore when an
+ admin select bootscrub=on. This is not something we advertised, but if
+ this is a concern we can introduce either force scrub for all domUs or
+ a per-domain flag in the DT. The behavior for bootscrub=off and
+ bootscrub=idle (default) has not changed.
+
+This is part of XSA-372 / CVE-2021-28693.
+
+Signed-off-by: Julien Grall <jgrall@amazon.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+Tested-by: Stefano Stabellini <sstabellini@kernel.org>
+---
+ xen/arch/arm/domain_build.c | 2 --
+ xen/arch/arm/setup.c | 11 ++++++-----
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
+index 374bf655ee34..4203ddcca0e3 100644
+--- a/xen/arch/arm/domain_build.c
++++ b/xen/arch/arm/domain_build.c
+@@ -2515,8 +2515,6 @@ void __init create_domUs(void)
+
+ if ( construct_domU(d, node) != 0 )
+ panic("Could not set up domain %s\n", dt_node_name(node));
+-
+- domain_unpause_by_systemcontroller(d);
+ }
+ }
+
+diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
+index 2532ec973913..441e0e16e9f0 100644
+--- a/xen/arch/arm/setup.c
++++ b/xen/arch/arm/setup.c
+@@ -804,7 +804,7 @@ void __init start_xen(unsigned long boot_phys_offset,
+ int cpus, i;
+ const char *cmdline;
+ struct bootmodule *xen_bootmodule;
+- struct domain *dom0;
++ struct domain *dom0, *d;
+ struct xen_domctl_createdomain dom0_cfg = {
+ .flags = XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap,
+ .max_evtchn_port = -1,
+@@ -987,6 +987,9 @@ void __init start_xen(unsigned long boot_phys_offset,
+ if ( construct_dom0(dom0) != 0)
+ panic("Could not set up DOM0 guest OS\n");
+
++ if ( acpi_disabled )
++ create_domUs();
++
+ heap_init_late();
+
+ init_trace_bufs();
+@@ -1000,10 +1003,8 @@ void __init start_xen(unsigned long boot_phys_offset,
+
+ system_state = SYS_STATE_active;
+
+- if ( acpi_disabled )
+- create_domUs();
+-
+- domain_unpause_by_systemcontroller(dom0);
++ for_each_domain( d )
++ domain_unpause_by_systemcontroller(d);
+
+ /* Switch on to the dynamically allocated stack for the idle vcpu
+ * since the static one we're running on is about to be freed. */
+--
+2.17.1
+ |
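Review bot: Nothing visible on this page shows the second patch of the series being added or applied alongside this one. The embedded header reads `Subject: [PATCH 1/2]`, and the description says this change only moves create_domUs() ahead of heap_init_late() so that a follow-up can unallocate the boot modules. Shipping this file alone would therefore presumably leave XSA-372 / CVE-2021-28693 unfixed. Because the view is limited to this one path, please confirm that the same commit carries the companion patch and that the build script applies both in series order. The description also notes that dom0less domU memory is no longer scrubbed when `bootscrub=on`, so I would add a line to the package README or changelog such as `XSA-372 (Arm dom0less): memory of domUs created at boot is no longer scrubbed with bootscrub=on`, so administrators who relied on that behaviour can reassess.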