WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] x86 hvm: Fix privilege checking in do_hvm

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] x86 hvm: Fix privilege checking in do_hvm_op() hypercall.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Apr 2009 23:00:20 -0700
Delivery-date: Thu, 09 Apr 2009 23:00:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1239195997 -3600
# Node ID eddb0f09fdaff66ce3822699385dc8a01100bad2
# Parent  2eed076989215f5bbfcf0d7be688b81a45abb5ef
x86 hvm: Fix privilege checking in do_hvm_op() hypercall.
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 xen/arch/x86/hvm/hvm.c |   33 +++++++++++++++++++++++++++------
 1 files changed, 27 insertions(+), 6 deletions(-)

diff -r 2eed07698921 -r eddb0f09fdaf xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c    Wed Apr 08 14:06:04 2009 +0100
+++ b/xen/arch/x86/hvm/hvm.c    Wed Apr 08 14:06:37 2009 +0100
@@ -2377,6 +2377,9 @@ static int hvmop_flush_tlb_all(void)
     struct domain *d = current->domain;
     struct vcpu *v;
 
+    if ( !is_hvm_domain(d) )
+        return -EINVAL;
+
     /* Avoid deadlock if more than one vcpu tries this at the same time. */
     if ( !spin_trylock(&d->hypercall_deadlock_mutex) )
         return -EAGAIN;
@@ -2413,6 +2416,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
 long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg)
 
 {
+    struct domain *curr_d = current->domain;
     long rc = 0;
 
     switch ( op )
@@ -2434,6 +2438,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         rc = rcu_lock_target_domain_by_id(a.domid, &d);
         if ( rc != 0 )
             return rc;
+
+        rc = -EPERM;
+        if ( (curr_d != d) && !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail;
 
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
@@ -2477,8 +2485,9 @@ long do_hvm_op(unsigned long op, XEN_GUE
                     rc = -EINVAL;
                 break;
             case HVM_PARAM_IDENT_PT:
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV(current->domain) )
+                if ( curr_d == d )
                     break;
 
                 rc = -EINVAL;
@@ -2508,13 +2517,13 @@ long do_hvm_op(unsigned long op, XEN_GUE
                 domctl_lock_release();
                 break;
             case HVM_PARAM_DM_DOMAIN:
-                /* Privileged domains only, as we must domain_pause(d). */
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV_FOR(current->domain, d) )
+                if ( curr_d == d )
                     break;
 
                 if ( a.value == DOMID_SELF )
-                    a.value = current->domain->domain_id;
+                    a.value = curr_d->domain_id;
 
                 rc = 0;
                 domain_pause(d); /* safe to change per-vcpu xen_port */
@@ -2539,9 +2548,9 @@ long do_hvm_op(unsigned long op, XEN_GUE
                 domain_unpause(d);
                 break;
             case HVM_PARAM_ACPI_S_STATE:
-                /* Privileged domains only, as we must domain_pause(d). */
+                /* Not reflexive, as we must domain_pause(). */
                 rc = -EPERM;
-                if ( !IS_PRIV_FOR(current->domain, d) )
+                if ( curr_d == d )
                     break;
 
                 rc = 0;
@@ -2612,6 +2621,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         if ( rc != 0 )
             return rc;
 
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail2;
+
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
             goto param_fail2;
@@ -2649,6 +2662,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         rc = rcu_lock_target_domain_by_id(a.domid, &d);
         if ( rc != 0 )
             return rc;
+
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail3;
 
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )
@@ -2705,6 +2722,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
         rc = rcu_lock_target_domain_by_id(a.domid, &d);
         if ( rc != 0 )
             return rc;
+
+        rc = -EPERM;
+        if ( !IS_PRIV_FOR(curr_d, d) )
+            goto param_fail4;
 
         rc = -EINVAL;
         if ( !is_hvm_domain(d) )

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] x86 hvm: Fix privilege checking in do_hvm_op() hypercall., Xen patchbot-unstable <=