From 3431a62ae851116518b84ce91c1572edbbfc7d92 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 24 Apr 2019 18:53:15 +0100
Subject: [PATCH] xen/domain: Block more speculative out-of-bound accesses

c/s f8303458 restricted speculative access for do_vcpu_op(), but neglected its
compat counterpart, which is reachable by guests using the 32bit ABI.

Make an identical adjustment.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Norbert Manthey <nmanthey@amazon.de>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/compat/domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/common/compat/domain.c b/xen/common/compat/domain.c
index 88bfdc836d..39877b3ab2 100644
--- a/xen/common/compat/domain.c
+++ b/xen/common/compat/domain.c
@@ -39,7 +39,7 @@ int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) ar
     struct vcpu *v;
     int rc = 0;
 
-    if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
+    if ( (v = domain_vcpu(d, vcpuid)) == NULL )
         return -ENOENT;
 
     switch ( cmd )
-- 
2.30.2