diff mbox

[04/11] domctl: restrict DOMCTL_set_target to HVM domains

Message ID 594A598B0200007800165056@prv-mh.provo.novell.com (mailing list archive)
State New, archived
Headers show

Commit Message

Jan Beulich June 21, 2017, 9:33 a.m. UTC 
Both the XSA-217 fix and
lists.xenproject.org/archives/html/xen-devel/2017-04/msg02945.html
make this assumption, so let's enforce it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
domctl: restrict DOMCTL_set_target to HVM domains

Both the XSA-217 fix and
lists.xenproject.org/archives/html/xen-devel/2017-04/msg02945.html
make this assumption, so let's enforce it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -1071,7 +1071,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
             break;
         }
 
-        ret = xsm_set_target(XSM_HOOK, d, e);
+        ret = -EOPNOTSUPP;
+        if ( is_hvm_domain(e) )
+            ret = xsm_set_target(XSM_HOOK, d, e);
         if ( ret ) {
             put_domain(e);
             break;

Comments

Andrew Cooper June 21, 2017, 11:41 a.m. UTC | #1 
On 21/06/17 10:33, Jan Beulich wrote:
> Both the XSA-217 fix and
> lists.xenproject.org/archives/html/xen-devel/2017-04/msg02945.html
> make this assumption, so let's enforce it.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>, although...

>
> --- a/xen/common/domctl.c
> +++ b/xen/common/domctl.c
> @@ -1071,7 +1071,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
>              break;
>          }
>  
> -        ret = xsm_set_target(XSM_HOOK, d, e);
> +        ret = -EOPNOTSUPP;
> +        if ( is_hvm_domain(e) )
> +            ret = xsm_set_target(XSM_HOOK, d, e);
>          if ( ret ) {

... do you mind fixing this style while you are here?

~Andrew

>              put_domain(e);
>              break;
>
>
>
diff mbox

Patch

--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -1071,7 +1071,9 @@  long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
             break;
         }
 
-        ret = xsm_set_target(XSM_HOOK, d, e);
+        ret = -EOPNOTSUPP;
+        if ( is_hvm_domain(e) )
+            ret = xsm_set_target(XSM_HOOK, d, e);
         if ( ret ) {
             put_domain(e);
             break;