From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 24 Apr 2019 17:53:15 +0000 (+0100)
Subject: xen/domain: Block more speculative out-of-bound accesses
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2293
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3431a62ae851116518b84ce91c1572edbbfc7d92;p=xen.git

xen/domain: Block more speculative out-of-bound accesses

c/s f8303458 restricted speculative access for do_vcpu_op(), but neglected its
compat counterpart, which is reachable by guests using the 32bit ABI.

Make an identical adjustment.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Norbert Manthey <nmanthey@amazon.de>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/common/compat/domain.c b/xen/common/compat/domain.c
index 88bfdc836d..39877b3ab2 100644
--- a/xen/common/compat/domain.c
+++ b/xen/common/compat/domain.c
@@ -39,7 +39,7 @@ int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) ar
     struct vcpu *v;
     int rc = 0;
 
-    if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
+    if ( (v = domain_vcpu(d, vcpuid)) == NULL )
         return -ENOENT;
 
     switch ( cmd )