diff options
| author | Ian Campbell <ian.campbell@citrix.com> | 2013-01-23 11:47:24 +0100 |
|---|---|---|
| committer | Ian Campbell <ian.campbell@citrix.com> | 2013-01-23 11:47:24 +0100 |
| commit | 3fc87c0c65f83cc613726b2c33942a19715f4289 (patch) | |
| tree | 98e71591b9f3c3ac7af60e26e939e4d5d7f74413 /xen/arch/x86/hvm/hvm.c | |
| parent | 529d5731e40e179e396397c633e10316a850044e (diff) | |
| download | xen-3fc87c0c65f83cc613726b2c33942a19715f4289.tar.gz xen-3fc87c0c65f83cc613726b2c33942a19715f4289.tar.bz2 xen-3fc87c0c65f83cc613726b2c33942a19715f4289.zip | |
xen: Do not allow guests to enable nested HVM on themselves
There is no reason for this and doing so exposes a memory leak to
guests. Only toolstacks need write access to this HVM param.
This is XSA-35 / CVE-2013-0152.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <JBeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'xen/arch/x86/hvm/hvm.c')
| -rw-r--r-- | xen/arch/x86/hvm/hvm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index b5535c0de9..d702de4e86 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3881,6 +3881,11 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) rc = -EINVAL; break; case HVM_PARAM_NESTEDHVM: + if ( !IS_PRIV(current->domain) ) + { + rc = -EPERM; + break; + } if ( a.value > 1 ) rc = -EINVAL; if ( !is_hvm_domain(d) ) |