ia64/xen-unstable

changeset 18528:1c09b810f977

domctl: don't allow certain operations on Dom0

XEN_DOMCTL_setvcpucontext, XEN_DOMCTL_max_vcpus, and
XEN_DOMCTL_setdebugging don't seem to allow Dom0 as the subject domain
(based on the criteria that they pause that domain in order to do
their job).

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Sep 22 15:20:25 2008 +0100 (2008-09-22)
parents 40233384ffe3
children d8a2d117225c
files xen/common/domctl.c
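--- a/xen/common/domctl.c	Mon Sep 22 15:15:19 2008 +0100
+++ b/xen/common/domctl.c	Mon Sep 22 15:20:25 2008 +0100
@@ -223,7 +223,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
             goto svc_out;
 
         ret = -EINVAL;
-        if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
+        if ( (d == current->domain) || /* no domain_pause() */
+             (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
             goto svc_out;
 
         if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
@@ -392,14 +393,18 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         struct domain *d;
         unsigned int i, max = op->u.max_vcpus.max, cpu;
 
-        ret = -EINVAL;
-        if ( max > MAX_VIRT_CPUS )
-            break;
-
         ret = -ESRCH;
         if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
             break;
 
+        ret = -EINVAL;
+        if ( (d == current->domain) || /* no domain_pause() */
+             (max > MAX_VIRT_CPUS) )
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
+
         ret = xsm_max_vcpus(d);
         if ( ret )
         {
@@ -706,6 +711,13 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
         if ( d == NULL )
             break;
 
+        ret = -EINVAL;
+        if ( d == current->domain ) /* no domain_pause() */
+        {
+            rcu_unlock_domain(d);
+            break;
+        }
+
         ret = xsm_setdebugging(d);
         if ( ret )
         {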
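Review bot: The guard added at 1.8, 1.26 and 1.41 tests `d == current->domain`, i.e. the calling domain targeting itself, while the commit title speaks of Dom0; the two coincide only when the caller is Dom0, so the comment should state the real invariant. The terse `/* no domain_pause() */` can also be read as "this path does not pause", which is the opposite of the intent. I would replace it at all three sites with something like `/* caller must not target itself: domain_pause(d) below cannot be used on the current domain */`. The domain_pause() calls themselves lie outside these hunks, as do the start and end of do_domctl, so it is worth confirming against the full function that no other pausing sub-op is left without the same check.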