prevent 0 from being used as a dynamic domid

When the hardware domain is made distinct from dom0, it becomes possible
to shut down and destroy domain 0 while leaving the hypervisor running.
If this happens, prevent this domain ID from being considered for
allocation to a new guest.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Keir Fraser <keir@xen.org>

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 5e807abef7fe8470c1fce0add363724b3c634d17..af3614b54fd64be8c10dbbd7049be2c67f0433d4 100644 (file)
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -436,7 +436,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
             for ( dom = rover + 1; dom != rover; dom++ )
             {
                 if ( dom == DOMID_FIRST_RESERVED )
-                    dom = 0;
+                    dom = 1;
                 if ( is_free_domid(dom) )
                     break;
             }