domctl: restrict DOMCTL_set_target to HVM domains

Both the XSA-217 fix and
lists.xenproject.org/archives/html/xen-devel/2017-04/msg02945.html
make this assumption, so let's enforce it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 951a5dce0d9b061353faef65269d9ab5cb102437..dfa3df9beb0592d7c779809964e6dc84b61206b1 100644 (file)
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -1071,8 +1071,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
             break;
         }
 
-        ret = xsm_set_target(XSM_HOOK, d, e);
-        if ( ret ) {
+        ret = -EOPNOTSUPP;
+        if ( is_hvm_domain(e) )
+            ret = xsm_set_target(XSM_HOOK, d, e);
+        if ( ret )
+        {
             put_domain(e);
             break;
         }