xen/domain: Introduce a new sanitise_domain_config() helper
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 2 Oct 2018 13:55:07 +0000 (13:55 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 15 Nov 2018 11:11:30 +0000 (11:11 +0000)
Call it from the head of domain_create() (before doing any memory
allocations), which will apply the checks to dom0 as well as domU's.

For now, just subsume the XEN_DOMCTL_CDF_* check from XEN_DOMCTL_createdomain.

In an effort to aid future development, leave a debug printk() identifying
the cause of sanitisation failures.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
xen/common/domain.c
xen/common/domctl.c

index d6650f0656b39d6b03fcb6d55917f75f183c8e2d..22aa6345104e713f3ec5197e9b8ad9568a3d3f4b 100644 (file)
@@ -288,6 +288,21 @@ static void _domain_destroy(struct domain *d)
     free_domain_struct(d);
 }
 
+static int sanitise_domain_config(struct xen_domctl_createdomain *config)
+{
+    if ( config->flags & ~(XEN_DOMCTL_CDF_hvm_guest |
+                           XEN_DOMCTL_CDF_hap |
+                           XEN_DOMCTL_CDF_s3_integrity |
+                           XEN_DOMCTL_CDF_oos_off |
+                           XEN_DOMCTL_CDF_xs_domain) )
+    {
+        dprintk(XENLOG_INFO, "Unknown CDF flags %#x\n", config->flags);
+        return -EINVAL;
+    }
+
+    return 0;
+}
+
 struct domain *domain_create(domid_t domid,
                              struct xen_domctl_createdomain *config,
                              bool is_priv)
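Review bot: The debug message in sanitise_domain_config() prints the whole `config->flags` word under the label "Unknown CDF flags", so the log does not show which bits were actually rejected. Holding the accepted mask in a local and printing only the offending bits would make it accurate, e.g. `dprintk(XENLOG_INFO, "Unknown CDF flags %#x\n", config->flags & ~known);` where `known` is the OR of the five XEN_DOMCTL_CDF_* values. Because this helper is now the one allowlist applied to every domain_create() call that supplies a config, a comment above it along the lines of `/* Reject any creation flag not listed here; new XEN_DOMCTL_CDF_* flags must be added to this mask. */` would keep later additions from being silently refused or overlooked. The helper is fully visible in this hunk.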
@@ -297,6 +312,9 @@ struct domain *domain_create(domid_t domid,
            INIT_evtchn = 1u<<3, INIT_gnttab = 1u<<4, INIT_arch = 1u<<5 };
     int err, init_status = 0;
 
+    if ( config && (err = sanitise_domain_config(config)) )
+        return ERR_PTR(err);
+
     if ( (d = alloc_domain_struct()) == NULL )
         return ERR_PTR(-ENOMEM);
 
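Review bot: The `config &&` guard means a NULL config skips sanitise_domain_config() altogether, and nothing in the hunk records which callers are expected to pass NULL. Since the flag check has moved out of the domctl path and into this function, that exemption is now part of the validation boundary and deserves a comment, for example `/* A NULL config carries no caller-supplied settings, so there is nothing to sanitise (presumably internal/system domains only; confirm against callers). */`. Placing the check ahead of alloc_domain_struct() is the right order, as a rejected config then needs no cleanup. domain_create() starts and continues outside this hunk, so the callers and the later uses of `config` are not visible here.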
index b2948814aa0d2b60975fffb8ae0eed7344a4239f..d08b6274e2a0c60780dcc00ff2064f4d27285de1 100644 (file)
@@ -498,15 +498,6 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
         domid_t        dom;
         static domid_t rover = 0;
 
-        ret = -EINVAL;
-        if ( (op->u.createdomain.flags &
-             ~(XEN_DOMCTL_CDF_hvm_guest
-               | XEN_DOMCTL_CDF_hap
-               | XEN_DOMCTL_CDF_s3_integrity
-               | XEN_DOMCTL_CDF_oos_off
-               | XEN_DOMCTL_CDF_xs_domain)) )
-            break;
-
         dom = op->domain;
         if ( (dom > 0) && (dom < DOMID_FIRST_RESERVED) )
         {