authorKeir Fraser <keir.fraser@citrix.com>2008-09-22 15:20:25 +0100
committerKeir Fraser <keir.fraser@citrix.com>2008-09-22 15:20:25 +0100
commit23f36ed6ff84de351caab8903b9909ec22e5d294 (patch)
tree20be7ff0f5848964791e75c0dd2f3b07f7715c3a
parent2d4c3c5c9c2c4ebdd4c8b1de3807247f75904376 (diff)
domctl: don't allow certain operations on Dom0
XEN_DOMCTL_setvcpucontext, XEN_DOMCTL_max_vcpus, and XEN_DOMCTL_setdebugging don't seem to allow Dom0 as the subject domain (based on the criteria that they pause that domain in order to do their job). Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
-rw-r--r--xen/common/domctl.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 9892550d8b..f4787b22e3 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -223,7 +223,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
goto svc_out;
ret = -EINVAL;
- if ( (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
+ if ( (d == current->domain) || /* no domain_pause() */
+ (vcpu >= MAX_VIRT_CPUS) || ((v = d->vcpu[vcpu]) == NULL) )
goto svc_out;
if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
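Review bot: The inline comment `/* no domain_pause() */` on the new `d == current->domain` test does not tell a reader what is being refused or why. The test rejects the caller's own domain whatever its domid, which is broader than the "Dom0" named in the commit title. A comment such as `/* caller's own domain: cannot be paused with domain_pause() */` would state the intent. The same terse comment is repeated in the max_vcpus and setdebugging hunks, so a small named predicate shared by the three sites would keep the rule in one place. The enclosing case of do_domctl starts and ends outside this hunk.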
@@ -392,14 +393,18 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
struct domain *d;
unsigned int i, max = op->u.max_vcpus.max, cpu;
- ret = -EINVAL;
- if ( max > MAX_VIRT_CPUS )
- break;
-
ret = -ESRCH;
if ( (d = rcu_lock_domain_by_id(op->domain)) == NULL )
break;
+ ret = -EINVAL;
+ if ( (d == current->domain) || /* no domain_pause() */
+ (max > MAX_VIRT_CPUS) )
+ {
+ rcu_unlock_domain(d);
+ break;
+ }
+
ret = xsm_max_vcpus(d);
if ( ret )
{
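Review bot: The new `-EINVAL` block sits ahead of `xsm_max_vcpus(d)`, so argument validation now answers before the policy hook is consulted. A caller the policy would refuse gets `-EINVAL` rather than the hook's error, and the hook presumably never sees the attempt. Moving the range test under the lookup also changes error precedence: an oversized `max` for a nonexistent domain now returns `-ESRCH` where it used to return `-EINVAL`. Consider leaving `if ( max > MAX_VIRT_CPUS ) break;` before `rcu_lock_domain_by_id()`, where no unlock is needed, and placing only the `d == current->domain` test after the XSM check. The setdebugging hunk has the same check-before-hook ordering, and the rest of this case lies outside the hunk.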
@@ -706,6 +711,13 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
if ( d == NULL )
break;
+ ret = -EINVAL;
+ if ( d == current->domain ) /* no domain_pause() */
+ {
+ rcu_unlock_domain(d);
+ break;
+ }
+
ret = xsm_setdebugging(d);
if ( ret )
{