From: Alex Williamson <alex.williamson@hp.com>
Date: Tue, 15 Jan 2008 14:07:01 +0000 (-0700)
Subject: [IA64] Fix security vulnerability
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14445^2~44
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=de7ca99764a12f494023249f06b881e968a0afe8;p=xen.git

[IA64] Fix security vulnerability

DomU can map any other domain's memory.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
---

diff --git a/xen/arch/ia64/xen/dom0_ops.c b/xen/arch/ia64/xen/dom0_ops.c
index 438796c0cf..4c97d0e294 100644
--- a/xen/arch/ia64/xen/dom0_ops.c
+++ b/xen/arch/ia64/xen/dom0_ops.c
@@ -522,10 +522,14 @@ do_dom0vp_op(unsigned long cmd,
         ret = dom0vp_zap_physmap(d, arg0, (unsigned int)arg1);
         break;
     case IA64_DOM0VP_add_physmap:
+        if (!IS_PRIV(d))
+            return -EPERM;
         ret = dom0vp_add_physmap(d, arg0, arg1, (unsigned int)arg2,
                                  (domid_t)arg3);
         break;
     case IA64_DOM0VP_add_physmap_with_gmfn:
+        if (!IS_PRIV(d))
+            return -EPERM;
         ret = dom0vp_add_physmap_with_gmfn(d, arg0, arg1, (unsigned int)arg2,
                                            (domid_t)arg3);
         break;