
Re: [PATCH] xen/arm: Prevent Dom0 to be loaded when using dom0less





On 17/03/2021 17:04, Luca Fancellu wrote:
Hi,

Hi Luca,

I’ve checked the common code and the arm part, and I can confirm that domid 0 is never 
allocated even if domain 0 is not present. Here are the only places where 
domain_create(…) is called using a variable value:

Thanks for checking it!


1) xen/arch/arm/domain_build.c
d = domain_create(++max_init_domid, &d_cfg, false);
Where max_init_domid has value 0 and it is defined in setup.c

We might want to add a comment on top of this code to explain why the '++a' rather than 'a++'.


2) xen/common/domctl.c
d = domain_create(dom, &op->u.createdomain, false);
To me it seems that the dom variable won’t take the 0 value; if someone could 
give another feedback it would be great.

On every other part where domain_create(…) is used, it is called with a 
constant value different from 0.

I agree with the analysis. However, I feel this is fragile because we rely on the caller to never pass 0. But it looks like domain_create() doesn't check if the ID is already used. So it would already be possible to overwrite hardware_domain.

Therefore, this can probably be deferred.


For the hardware_domain being NULL and not handled in some situations, it seems that 
it’s not directly related to this patch, but I can handle it in a next series. From a 
quick look it seems that many cases can be handled by checking if the domain is NULL in 
is_hardware_domain(…).

Before this series, it is not possible to have hardware_domain == NULL at runtime because dom0 is always created.

Cheers,

--
Julien Grall
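
The two points raised in this thread (pre-increment keeping domid 0 free, and creation not checking whether an ID is already in use), as an added example that is not Xen code and not code from the thread. It is a simplified model: `table`, `create_unchecked`, `create_checked`, `next_domid_pre` and `next_domid_post` are hypothetical names, and only `max_init_domid` starting at 0 is taken from the discussion.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

#define MAX_DOMS       8   /* constructed table size for this model */
#define RESERVED_DOMID 0   /* ID that must stay free for dom0 */

struct domain { unsigned id; int in_use; };

static struct domain table[MAX_DOMS];
static unsigned max_init_domid = 0;  /* starts at 0, as stated in the thread */

/* Pre-increment hands out 1 first; post-increment would hand out 0. */
unsigned next_domid_pre(void)  { return ++max_init_domid; }
unsigned next_domid_post(void) { return max_init_domid++; }

/* Unchecked creation: trusts the caller and silently reuses a live slot. */
struct domain *create_unchecked(unsigned id)
{
    if (id >= MAX_DOMS)
        return NULL;
    table[id].id = id;
    table[id].in_use = 1;
    return &table[id];
}

/* Checked creation: only the dom0 path may take ID 0; duplicates are refused. */
int create_checked(unsigned id, int is_dom0, struct domain **out)
{
    if (id >= MAX_DOMS || (id == RESERVED_DOMID && !is_dom0))
        return -EINVAL;
    if (table[id].in_use)
        return -EEXIST;
    table[id].id = id;
    table[id].in_use = 1;
    *out = &table[id];
    return 0;
}

int main(void)
{
    struct domain *d = NULL;
    printf("guest asks for 0:   %d\n", create_checked(0, 0, &d));
    printf("first boot domain:  %d\n", create_checked(next_domid_pre(), 0, &d));
    printf("same ID again:      %d\n", create_checked(1, 0, &d));
    printf("unchecked reuse ok: %d\n", create_unchecked(1) != NULL);
    max_init_domid = 0;
    printf("post-increment ID:  %u\n", next_domid_post());
    return 0;
}
```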



 

