From: Isaku Yamahata <yamahata@valinux.co.jp>
Date: Thu, 15 May 2008 05:18:38 +0000 (+0900)
Subject: [IA64] fix sal emulation.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14217
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=5d8bb4c8356fcb55c61e8c2b42d792af0411cf4c;p=xen.git

[IA64] fix sal emulation.

fix sal emulation, SAL_SET_VECTORS, SAL_MC_SET_PARAMS.
It allowed any domains to change system wide state. But only
dom0 is able to change it.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
---

diff --git a/xen/arch/ia64/xen/fw_emul.c b/xen/arch/ia64/xen/fw_emul.c
index 5bd46e7439..34e71cec73 100644
--- a/xen/arch/ia64/xen/fw_emul.c
+++ b/xen/arch/ia64/xen/fw_emul.c
@@ -200,10 +200,15 @@ sal_emulator (long index, unsigned long in1, unsigned long in2,
 				d->arch.sal_data->boot_rdv_r1 = in3;
 			}
  		}
- 		else
-		{
-			if (in1 > sizeof(sal_vectors)/sizeof(sal_vectors[0])-1)
-				BUG();
+ 		else if (current->domain == dom0) {
+			if (in1 >
+			    sizeof(sal_vectors)/sizeof(sal_vectors[0])-1) {
+				gdprintk(XENLOG_DEBUG,
+					 "SAL_SET_VECTORS invalid in1 %ld\n",
+					 in1);
+				status = -2;
+				break;
+			}
 			sal_vectors[in1].vector_type	= in1;
 			sal_vectors[in1].handler_addr1	= in2;
 			sal_vectors[in1].gp1		= in3;
@@ -211,6 +216,10 @@ sal_emulator (long index, unsigned long in1, unsigned long in2,
 			sal_vectors[in1].handler_addr2	= in5;
 			sal_vectors[in1].gp2		= in6;
 			sal_vectors[in1].handler_len2	= in7;
+		} else {
+			gdprintk(XENLOG_DEBUG, "NON-PRIV DOMAIN CALLED "
+				 "SAL_SET_VECTORS %ld\n", in1);
+			status = -2;
 		}
 		break;
 	    case SAL_GET_STATE_INFO:
@@ -352,13 +361,25 @@ sal_emulator (long index, unsigned long in1, unsigned long in2,
 		printk("*** CALLED SAL_MC_RENDEZ.  IGNORED...\n");
 		break;
 	    case SAL_MC_SET_PARAMS:
-		if (in1 > sizeof(sal_mc_params)/sizeof(sal_mc_params[0]))
-			BUG();
-		sal_mc_params[in1].param_type	= in1;
-		sal_mc_params[in1].i_or_m	= in2;
-		sal_mc_params[in1].i_or_m_val	= in3;
-		sal_mc_params[in1].timeout	= in4;
-		sal_mc_params[in1].rz_always	= in5;
+		if (current->domain == dom0) {
+			if (in1 > 
+			    sizeof(sal_mc_params) / sizeof(sal_mc_params[0])) {
+				gdprintk(XENLOG_DEBUG,
+					 "SAL_MC_SET_PARAMS invalid in1 %ld\n",
+					 in1);
+				status = -2;
+				break;
+			}
+			sal_mc_params[in1].param_type	= in1;
+			sal_mc_params[in1].i_or_m	= in2;
+			sal_mc_params[in1].i_or_m_val	= in3;
+			sal_mc_params[in1].timeout	= in4;
+			sal_mc_params[in1].rz_always	= in5;
+		} else {
+			gdprintk(XENLOG_DEBUG,
+				 "*** CALLED SAL_MC_SET_PARAMS. IGNORED...\n");
+			status = -1; /* not implemented */
+		}
 		break;
 	    case SAL_CACHE_FLUSH:
 		if (1) {