xsm: forbid PV guest console reads
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Fri, 4 Oct 2013 10:51:44 +0000 (12:51 +0200)
committer Jan Beulich <jbeulich@suse.com>
Fri, 4 Oct 2013 10:51:44 +0000 (12:51 +0200)
The CONSOLEIO_read operation was incorrectly allowed to PV guests if the
hypervisor was compiled in debug mode (with VERBOSE defined).

Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
xen/include/xsm/dummy.h

index 052f3e011181332b8342c1648ecd050327c74aa1..52c651c4023a4a19f13ee4722a65482059017433 100644 (file)
@@ -222,10 +222,10 @@ static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd)
 {
     XSM_ASSERT_ACTION(XSM_OTHER);
 #ifdef VERBOSE
-    return xsm_default_action(XSM_HOOK, current->domain, NULL);
-#else
-    return xsm_default_action(XSM_PRIV, current->domain, NULL);
+    if ( cmd == CONSOLEIO_write )
+        return xsm_default_action(XSM_HOOK, d, NULL);
 #endif
+    return xsm_default_action(XSM_PRIV, d, NULL);
 }
 
 static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op)
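
Review bot: the domain argument changes from current->domain to d in both return statements of xsm_console_io, but the commit message only describes the CONSOLEIO_read restriction. If any caller passes a d other than current->domain, the check is now evaluated against a different domain than before; either state in the message that callers always pass current->domain or split this into its own change. A short comment on the VERBOSE branch saying that debug builds allow unprivileged guests CONSOLEIO_write only, with every other cmd falling through to XSM_PRIV, would also help keep the default-deny shape intact when new console commands are added.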