From: Ian Campbell Date: Wed, 23 Jan 2013 10:47:24 +0000 (+0100) Subject: xen: Do not allow guests to enable nested HVM on themselves X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7383 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=3fc87c0c65f83cc613726b2c33942a19715f4289;p=xen.git xen: Do not allow guests to enable nested HVM on themselves There is no reason for this and doing so exposes a memory leak to guests. Only toolstacks need write access to this HVM param. This is XSA-35 / CVE-2013-0152. Signed-off-by: Ian Campbell Acked-by: Jan Beulich Committed-by: Jan Beulich --- diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index b5535c0de9..d702de4e86 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3881,6 +3881,11 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) rc = -EINVAL; break; case HVM_PARAM_NESTEDHVM: + if ( !IS_PRIV(current->domain) ) + { + rc = -EPERM; + break; + } if ( a.value > 1 ) rc = -EINVAL; if ( !is_hvm_domain(d) )
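Review bot: The new `!IS_PRIV(current->domain)` check at the top of the `HVM_PARAM_NESTEDHVM` case carries no comment explaining why this one param is restricted to privileged callers. A one-line comment above it, stating that only the toolstack may set the param and referencing XSA-35, would keep a later cleanup from relaxing it. The check tests the caller's privilege rather than comparing `current->domain` with `d`, so it rejects every unprivileged caller and not only a guest acting on itself. That is broader than the subject line but matches "Only toolstacks need write access" in the commit message, and it would be worth saying so explicitly. Placing the check before `a.value > 1` is the right order: an unprivileged caller gets `-EPERM` and breaks out before any of the value or domain-type validation runs.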