From: "Daniel P. Smith"
To: Volodymyr Babchuk, Wei Liu, Roger Pau Monné, xen-devel@lists.xenproject.org
Cc: "Daniel P. Smith", scott.davis@starlab.io, jandryuk@gmail.com, Stefano Stabellini, Julien Grall, Jan Beulich, Andrew Cooper
Subject: [PATCH 2/2] arch: ensure idle domain is not left privileged
Date: Wed, 30 Mar 2022 19:05:49 -0400
Message-Id: <20220330230549.26074-3-dpsmith@apertussolutions.com>
In-Reply-To: <20220330230549.26074-1-dpsmith@apertussolutions.com>

It is now possible to promote the idle domain to privileged during setup. It
is not desirable for the idle domain to still be privileged when moving into a
running state. If the idle domain was elevated and not properly demoted, it is
desirable to fail at this point. This commit adds an assert for both x86 and
Arm just before transitioning to a running state that ensures the idle is not
privileged.

Signed-off-by: Daniel P. Smith

--- xen/arch/arm/setup.c | 3 +++ xen/arch/x86/setup.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 7968cee47d..3de394e946 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -973,6 +973,9 @@ void __init start_xen(unsigned long boot_phys_offset, /* Hide UART from DOM0 if we're using it */ serial_endboot(); =20 + /* Ensure idle domain was not left privileged */ + ASSERT(current->domain->is_privileged =3D=3D false) ; + system_state =3D SYS_STATE_active; =20 create_domUs(); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 885919d5c3..b868463f83 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c 
@@ -589,6 +589,9 @@ static void noinline init_done(void) void *va; unsigned long start, end; =20 + /* Ensure idle domain was not left privileged */ + ASSERT(current->domain->is_privileged =3D=3D false) ; + system_state =3D SYS_STATE_active; =20 domain_unpause_by_systemcontroller(dom0); --=20 2.20.1
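
Review bot: in the xen/arch/arm/setup.c hunk, the check added to start_xen() is an ASSERT(), which Xen compiles out of non-debug builds, so a release hypervisor would still set system_state to SYS_STATE_active with a privileged idle domain, although the commit message says it is desirable to fail at this point. If the failure is meant to hold in every build, use a check that survives release builds, for example BUG_ON(current->domain->is_privileged) or an explicit test followed by panic() with a message naming the problem. The identical line added to init_done() in xen/arch/x86/setup.c has the same limitation.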
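
Review bot: in the xen/arch/x86/setup.c hunk, the line added to init_done() compares a boolean against false and leaves a space before the semicolon; ASSERT(!current->domain->is_privileged); says the same thing more directly, and the Arm hunk should get the same treatment. The comment names the idle domain, but the expression tests whichever domain current belongs to, so either state in the comment that current is the idle vCPU at this point or also assert is_idle_domain(current->domain), so the check cannot silently apply to a different domain if the call site moves.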