ia64/xen-unstable

changeset 19524:eddb0f09fdaf

x86 hvm: Fix privilege checking in do_hvm_op() hypercall.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Apr 08 14:06:37 2009 +0100 (2009-04-08)
parents 2eed07698921
children f9c8c6b08972
files xen/arch/x86/hvm/hvm.c
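--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2377,6 +2377,9 @@ static int hvmop_flush_tlb_all(void)
     struct domain *d = current->domain;
     struct vcpu *v;
 
+    if ( !is_hvm_domain(d) )
+        return -EINVAL;
+
     /* Avoid deadlock if more than one vcpu tries this at the same time. */
     if ( !spin_trylock(&d->hypercall_deadlock_mutex) )
         return -EAGAIN;
@@ -2413,6 +2416,7 @@ static int hvmop_flush_tlb_all(void)
 long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg)
 
 {
+    struct domain *curr_d = current->domain;
     long rc = 0;
 
     switch ( op )
@@ -2435,6 +2439,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         if ( rc != 0 )
             return rc;
 
+        rc = -EPERM;
+        if ( (curr_d != d) && !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail;
+
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
             goto param_fail;
@@ -2477,8 +2485,9 @@ long do_hvm_op(unsigned long op, XEN_GUE
                     rc = -EINVAL;
                 break;
             case HVM_PARAM_IDENT_PT:
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV(current->domain) )
+                if ( curr_d == d )
                     break;
 
                 rc = -EINVAL;
@@ -2508,13 +2517,13 @@ long do_hvm_op(unsigned long op, XEN_GUE
                 domctl_lock_release();
                 break;
             case HVM_PARAM_DM_DOMAIN:
-                /* Privileged domains only, as we must domain_pause(d). */
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV_FOR(current->domain, d) )
+                if ( curr_d == d )
                     break;
 
                 if ( a.value == DOMID_SELF )
-                    a.value = current->domain->domain_id;
+                    a.value = curr_d->domain_id;
 
                 rc = 0;
                 domain_pause(d); /* safe to change per-vcpu xen_port */
@@ -2539,9 +2548,9 @@ long do_hvm_op(unsigned long op, XEN_GUE
                 domain_unpause(d);
                 break;
             case HVM_PARAM_ACPI_S_STATE:
-                /* Privileged domains only, as we must domain_pause(d). */
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV_FOR(current->domain, d) )
+                if ( curr_d == d )
                     break;
 
                 rc = 0;
@@ -2612,6 +2621,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         if ( rc != 0 )
             return rc;
 
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail2;
+
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
             goto param_fail2;
@@ -2650,6 +2663,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         if ( rc != 0 )
             return rc;
 
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail3;
+
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
             goto param_fail3;
@@ -2706,6 +2723,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         if ( rc != 0 )
             return rc;
 
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail4;
+
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
             goto param_fail4;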
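Review bot: The HVM_PARAM_IDENT_PT case in the fourth hunk is loosened rather than just refactored: its old gate was `IS_PRIV(current->domain)`, while the new `if ( curr_d == d ) break;` leaves as the only remaining gate the `(curr_d != d) && !IS_PRIV_FOR(curr_d, d)` check added at the top of the set_param/get_param case, so any domain that IS_PRIV_FOR accepts for d (not only the fully privileged domain) can now install the identity page table. If that widening is intended, the commit message or the new inline comment should say so, since "Not reflexive" only explains why self-targeting is refused. The three "Not reflexive" cases are correct only because of that earlier check, so a comment above the inner switch such as `/* Non-reflexive cases below rely on the IS_PRIV_FOR(curr_d, d) check at the top of this case. */` would make the dependency visible to the next editor. do_hvm_op's body continues outside the hunks, so the get_param path and the remaining parameter cases could not be checked here.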