On 4/5/22 04:26, Jan Beulich wrote: > On 31.03.2022 01:05, Daniel P. Smith wrote: >> --- a/xen/arch/x86/setup.c >> +++ b/xen/arch/x86/setup.c >> @@ -589,6 +589,9 @@ static void noinline init_done(void) >> void *va; >> unsigned long start, end; >> >> + /* Ensure idle domain was not left privileged */ >> + ASSERT(current->domain->is_privileged == false) ; > > I think this should be stronger than ASSERT(); I'd recommend calling > panic(). Also please don't compare against "true" or "false" - use > ordinary boolean operations instead (here it would be > "!current->domain->is_privileged").
Ack.

v/r,
dps
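Review bot: The added ASSERT() at the top of init_done() is only evaluated in debug builds, so a release hypervisor would carry on booting with the idle domain still privileged; make it an unconditional check that calls panic() when current->domain->is_privileged is set. Test the flag directly instead of comparing against false, and drop the stray space before the semicolon. The comment above the check could also say which earlier step is expected to have cleared the flag, so that a failure here points at what was missed.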