xen: Do not allow guests to enable nested HVM on themselves

author Ian Campbell <ian.campbell@citrix.com>

Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)

committer Ian Campbell <ian.campbell@citrix.com>

Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)
author Ian Campbell <ian.campbell@citrix.com>
Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)
committer Ian Campbell <ian.campbell@citrix.com>
Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c

index b5535c0de985efd0d3848d825cdb79cadb7c29ee..d702de4e8664b45e86bb5e87c6c8f11ca6cc1c54 100644 (file)
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3881,6 +3881,11 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg)
                      rc = -EINVAL;
                  break;
              case HVM_PARAM_NESTEDHVM:
+                if ( !IS_PRIV(current->domain) )
+                {
+                    rc = -EPERM;
+                    break;
+                }
                  if ( a.value > 1 )
                      rc = -EINVAL;
                  if ( !is_hvm_domain(d) )
author	Ian Campbell <ian.campbell@citrix.com>
	Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)
committer	Ian Campbell <ian.campbell@citrix.com>
	Wed, 23 Jan 2013 10:47:24 +0000 (11:47 +0100)