From ab48596654ca20bd45eee4bdc1252188e9beb5a5 Mon Sep 17 00:00:00 2001
From: Andrew Cooper
Date: Tue, 18 Jul 2017 15:21:46 +0100
Subject: [PATCH] x86/evtchn: Restrict the ops usable in do_event_channel_op_compat()
This hypercall is unused by guests these days, but there was no prevention of usable subops. The following ops have been restricted, as there is no suitable structure in the evntchn_op union. EVTCHNOP_reset EVTCHNOP_init_control EVTCHNOP_expand_array EVTCHNOP_set_priority
Signed-off-by: Andrew Cooper
Reviewed-by: Wei Liu
---
 xen/arch/x86/compat.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c
index 2d4be2e899..f417cd5034 100644
--- a/xen/arch/x86/compat.c
+++ b/xen/arch/x86/compat.c
@@ -57,7 +57,24 @@ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop)
 if ( unlikely(copy_from_guest(&op, uop, 1) != 0) )
 return -EFAULT;
- return do_event_channel_op(op.cmd, guest_handle_from_ptr(&uop.p->u, void));
+ switch ( op.cmd )
+ {
+ case EVTCHNOP_bind_interdomain:
+ case EVTCHNOP_bind_virq:
+ case EVTCHNOP_bind_pirq:
+ case EVTCHNOP_close:
+ case EVTCHNOP_send:
+ case EVTCHNOP_status:
+ case EVTCHNOP_alloc_unbound:
+ case EVTCHNOP_bind_ipi:
+ case EVTCHNOP_bind_vcpu:
+ case EVTCHNOP_unmask:
+ return do_event_channel_op(op.cmd,
+ guest_handle_from_ptr(&uop.p->u, void));
+
+ default:
+ return -ENOSYS;
+ }
 }
 #endif
--
2.30.2
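Review bot: The new `switch ( op.cmd )` allow-list has no comment saying why these ten subops are forwarded and everything else gets `-ENOSYS`; that reasoning exists only in the commit message. Because the forwarded handle points at `uop.p->u`, a subop whose argument structure is not a member of that union would presumably be parsed from guest memory laid out for a different type, so a later addition to the case list needs that check spelled out next to it. I would add above the switch: `/* Forward only subops whose argument is a member of the evtchn_op union; the handle passed on points at uop.p->u. New EVTCHNOP_* values stay denied by default. */`. The function's opening lines are outside the hunk, so whether an existing header comment already covers this cannot be seen from here.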