x86/evtchn: Restrict the ops usable in do_event_channel_op_compat()

This hypercall is unused by guests these days, but there was no prevention of
usable subops.  The following ops have been restricted, as there is no
suitable structure in the evntchn_op union.

  EVTCHNOP_reset
  EVTCHNOP_init_control
  EVTCHNOP_expand_array
  EVTCHNOP_set_priority

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>

diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c
index 2d4be2e89953ffc7307d1539e6618f9bfaf9fc1b..f417cd5034995a011785153333adefc0e876d578 100644 (file)
--- a/xen/arch/x86/compat.c
+++ b/xen/arch/x86/compat.c
@@ -57,7 +57,24 @@ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop)
     if ( unlikely(copy_from_guest(&op, uop, 1) != 0) )
         return -EFAULT;
 
-    return do_event_channel_op(op.cmd, guest_handle_from_ptr(&uop.p->u, void));
+    switch ( op.cmd )
+    {
+    case EVTCHNOP_bind_interdomain:
+    case EVTCHNOP_bind_virq:
+    case EVTCHNOP_bind_pirq:
+    case EVTCHNOP_close:
+    case EVTCHNOP_send:
+    case EVTCHNOP_status:
+    case EVTCHNOP_alloc_unbound:
+    case EVTCHNOP_bind_ipi:
+    case EVTCHNOP_bind_vcpu:
+    case EVTCHNOP_unmask:
+        return do_event_channel_op(op.cmd,
+                                   guest_handle_from_ptr(&uop.p->u, void));
+
+    default:
+        return -ENOSYS;
+    }
 }
 
 #endif