aboutsummaryrefslogtreecommitdiff
path: root/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch')
-rw-r--r--system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch85
1 files changed, 0 insertions, 85 deletions
diff --git a/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch b/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch
deleted file mode 100644
index a21dba440c57..000000000000
--- a/system/xen/xsa/xsa372-4.15-0001-xen-arm-Create-dom0less-domUs-earlier.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From b1e5a89f19d9919c3eae17ab9c6a663b0801ad9c Mon Sep 17 00:00:00 2001
-From: Julien Grall <jgrall@amazon.com>
-Date: Mon, 17 May 2021 17:47:13 +0100
-Subject: [PATCH 1/2] xen/arm: Create dom0less domUs earlier
-
-In a follow-up patch we will need to unallocate the boot modules
-before heap_init_late() is called.
-
-The modules will contain the domUs kernel and initramfs. Therefore Xen
-will need to create extra domUs (used by dom0less) before heap_init_late().
-
-This has two consequences on dom0less:
- 1) Domains will not be unpaused as soon as they are created but
- once all have been created. However, Xen doesn't guarantee an order
- to unpause, so this is not something one could rely on.
-
- 2) The memory allocated for a domU will not be scrubbed anymore when an
- admin select bootscrub=on. This is not something we advertised, but if
- this is a concern we can introduce either force scrub for all domUs or
- a per-domain flag in the DT. The behavior for bootscrub=off and
- bootscrub=idle (default) has not changed.
-
-This is part of XSA-372 / CVE-2021-28693.
-
-Signed-off-by: Julien Grall <jgrall@amazon.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
-Tested-by: Stefano Stabellini <sstabellini@kernel.org>
----
- xen/arch/arm/domain_build.c | 2 --
- xen/arch/arm/setup.c | 11 ++++++-----
- 2 files changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
-index 374bf655ee34..4203ddcca0e3 100644
---- a/xen/arch/arm/domain_build.c
-+++ b/xen/arch/arm/domain_build.c
-@@ -2515,8 +2515,6 @@ void __init create_domUs(void)
-
- if ( construct_domU(d, node) != 0 )
- panic("Could not set up domain %s\n", dt_node_name(node));
--
-- domain_unpause_by_systemcontroller(d);
- }
- }
-
-diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
-index 2532ec973913..441e0e16e9f0 100644
---- a/xen/arch/arm/setup.c
-+++ b/xen/arch/arm/setup.c
-@@ -804,7 +804,7 @@ void __init start_xen(unsigned long boot_phys_offset,
- int cpus, i;
- const char *cmdline;
- struct bootmodule *xen_bootmodule;
-- struct domain *dom0;
-+ struct domain *dom0, *d;
- struct xen_domctl_createdomain dom0_cfg = {
- .flags = XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap,
- .max_evtchn_port = -1,
-@@ -987,6 +987,9 @@ void __init start_xen(unsigned long boot_phys_offset,
- if ( construct_dom0(dom0) != 0)
- panic("Could not set up DOM0 guest OS\n");
-
-+ if ( acpi_disabled )
-+ create_domUs();
-+
- heap_init_late();
-
- init_trace_bufs();
-@@ -1000,10 +1003,8 @@ void __init start_xen(unsigned long boot_phys_offset,
-
- system_state = SYS_STATE_active;
-
-- if ( acpi_disabled )
-- create_domUs();
--
-- domain_unpause_by_systemcontroller(dom0);
-+ for_each_domain( d )
-+ domain_unpause_by_systemcontroller(d);
-
- /* Switch on to the dynamically allocated stack for the idle vcpu
- * since the static one we're running on is about to be freed. */
---
-2.17.1
-