From de7ca99764a12f494023249f06b881e968a0afe8 Mon Sep 17 00:00:00 2001
From: Alex Williamson <alex.williamson@hp.com>
Date: Tue, 15 Jan 2008 07:07:01 -0700
Subject: [PATCH] [IA64] Fix security vulnerability

DomU can map any other domain's memory.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
---
 xen/arch/ia64/xen/dom0_ops.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/arch/ia64/xen/dom0_ops.c b/xen/arch/ia64/xen/dom0_ops.c
index 438796c0cf..4c97d0e294 100644
--- a/xen/arch/ia64/xen/dom0_ops.c
+++ b/xen/arch/ia64/xen/dom0_ops.c
@@ -522,10 +522,14 @@ do_dom0vp_op(unsigned long cmd,
         ret = dom0vp_zap_physmap(d, arg0, (unsigned int)arg1);
         break;
     case IA64_DOM0VP_add_physmap:
+        if (!IS_PRIV(d))
+            return -EPERM;
         ret = dom0vp_add_physmap(d, arg0, arg1, (unsigned int)arg2,
                                  (domid_t)arg3);
         break;
     case IA64_DOM0VP_add_physmap_with_gmfn:
+        if (!IS_PRIV(d))
+            return -EPERM;
         ret = dom0vp_add_physmap_with_gmfn(d, arg0, arg1, (unsigned int)arg2,
                                            (domid_t)arg3);
         break;
-- 
2.30.2