Xen project Mailing List

Re: [PATCH] xen/arm: Prevent Dom0 to be loaded when using dom0less

From: Luca Fancellu <luca.fancellu@xxxxxxx>

Date: Thu, 18 Mar 2021 11:57:26 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=59GxXDnR8AYB0nQcvHH9zOhiO9jslDGqXyWUrvSuISU=; b=L6gqrGsFy6npIx2WJbITo/m+/x5zlhmJ7DXZ+88f45KxiAH1rtFxNg5VU5VjnsMfl6Ba2gCys+8KVx7mQC07If2Dd/hPeHy6aqanWc+cEx0Dg4MNVZWuVjCTtzwFbn/lxcYykJHLy4WfkzdoFo55M4htQMDR2HB3kyozygbcFG9rVVqwsrZd7PUMDD5/VL8mQ5TuXJ5xebOhW6A5J847Q+CBN7O11LopuNg/kSGZWSbdTU4cKIKGXmfWlolJ3qG2Ky16MdIxBkl7VEA2ZoCFjOisyt5DQv4arfmJpia3pgI+EDoWMgTJq5GhinMnqRVUYD8Em9BOaN88VXaHVpU4IA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H6rHw/5l4Qa3f2FJ2X36MsGGiiT5yax2Fgvzeol0InWG6/GfzfYU2oOT/jC+I9wKA/hfJAZeWwvJx3g1PWU26Src5YtKItsbe4b9sQrvC/1z/HVfpkmGC5FvWYrfRhLNko66zW+3V+wAK+8O6NTtahTLn8Iy2t5bBlaNIiwiMfaZ8O2EBdkaMFaDnvsTcCnjKzVFNyXOBphvwraX1ivYVhKQ4NPDPDYCGTXYyalwv1te2g1WyaZKk6h9X8zESeSlo1uNNklAqIy7C0E+UJDFWR916Q96a3nf3t/oNfYc2Qn6Rl7VVkcx6PqvRHr0oMzTtWfy8DaNCnx1/rYGwrYLzQ==

Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, wei.chen@xxxxxxx

Delivery-date: Thu, 18 Mar 2021 11:58:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;

Hi Julien, I will create a new serie with all the improvements we have discussed. Thank you for your time. Cheers, Luca > On 18 Mar 2021, at 11:13, Julien Grall <julien@xxxxxxx> wrote: > > > > On 17/03/2021 17:04, Luca Fancellu wrote: >> Hi, > > Hi Luca, > >> I’ve checked the common code and the arm part, I can confirm that the domid >> 0 is never allocated even if the domain 0 is not present, here the only >> places where domain_create(…) is called using a variable value: > > Thanks for checking it! > > >> 1) xen/arch/arm/domain_build.c >> d = domain_create(++max_init_domid, &d_cfg, false); >> Where max_init_domid has value 0 and it is defined in setup.c > > We might want to add a comment on top of this code to explain why the '++a' > rather than 'a++'. > >> 2) xen/common/domctl.c >> d = domain_create(dom, &op->u.createdomain, false); >> For me seems that the dom variable won’t take the 0 value, if someone could >> give another feedback it would be great. >> On every other part where domain_create(…) is used, it is called with a >> constant value different from 0. > > I agree with the analysis. However, I feel this is fragile because we rely on > the caller to never pass 0. But it looks like domain_create() doesn't check > if the ID is already used. So it would already be possible to overwrite > hardware_domain. > > Therefore, this can probably be deffered. > >> For the hardware_domain being NULL and not handled in some situation, it >> seems that it’s not directly related to this patch, but I can handle it on a >> next serie, from a quick look it seems that many cases can be handled by >> checking if the domain is NULL in is_hardware_domain(…). > > Before this series, it is not possible to have hardware_domain == NULL at > runtime because dom0 is always created. > > Cheers, > > -- > Julien Grall

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.