| Message ID | fbe81175084a2f302a726d3fb8ba3144c6af8e6b.1733307202.git.teddy.astie@vates.tech (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [XEN] XSM/domctl: Only pass properly initialized ssidref to xsm_domctl | expand |
On 04.12.2024 11:17, Teddy Astie wrote: > On XEN_DOMCTL_create_domain, we need to pass the ssidref parameter to xsm_domctl, > currently, it is always passed regardless of what command we actually do (meaning > that we are likely to pass garbage in !XEN_DOMCTL_create_domain). > > Pass ssidref from u.createdomain only for create_domain command, 0 otherwise. > No functionnal change as ssidref parameter is ignored for non-XEN_DOMCTL_create_domain > commands. And then why is this change being made? > Fixes: ee32b9b29af449d38aad0a1b3a81aaae586f5ea7 ("XSM/domctl: Fix permission checks on XEN_DOMCTL_createdomain") Please limit the hash to 12 digits. Jan
diff --git a/xen/common/domctl.c b/xen/common/domctl.c index ea16b75910..313022fe01 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -281,6 +281,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo, long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { long ret = 0; + uint32_t ssidref = 0; /* SSIDRef only applicable for cmd == createdomain */ bool copyback = false; struct xen_domctl curop, *op = &curop; struct domain *d; @@ -295,6 +296,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { case XEN_DOMCTL_createdomain: d = NULL; + ssidref = op->u.createdomain.ssidref; break; case XEN_DOMCTL_assign_device: @@ -322,9 +324,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) break; } - ret = xsm_domctl(XSM_OTHER, d, op->cmd, - /* SSIDRef only applicable for cmd == createdomain */ - op->u.createdomain.ssidref); + ret = xsm_domctl(XSM_OTHER, d, op->cmd, ssidref); if ( ret ) goto domctl_out_unlock_domonly;
On XEN_DOMCTL_create_domain, we need to pass the ssidref parameter to xsm_domctl, currently, it is always passed regardless of what command we actually do (meaning that we are likely to pass garbage in !XEN_DOMCTL_create_domain). Pass ssidref from u.createdomain only for create_domain command, 0 otherwise. No functionnal change as ssidref parameter is ignored for non-XEN_DOMCTL_create_domain commands. Fixes: ee32b9b29af449d38aad0a1b3a81aaae586f5ea7 ("XSM/domctl: Fix permission checks on XEN_DOMCTL_createdomain") Signed-off-by: Teddy Astie <teddy.astie@vates.tech> --- xen/common/domctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)