From e42c68e8b542ddbc315e9ab61d5d1ef8cc5b1b1b Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 22 Jun 2017 09:50:00 +0200
Subject: [PATCH] domctl: restrict DOMCTL_set_target to HVM domains

Both the XSA-217 fix and
lists.xenproject.org/archives/html/xen-devel/2017-04/msg02945.html
make this assumption, so let's enforce it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>
---
 xen/common/domctl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 951a5dce0d..dfa3df9beb 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -1071,8 +1071,11 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
             break;
         }
 
-        ret = xsm_set_target(XSM_HOOK, d, e);
-        if ( ret ) {
+        ret = -EOPNOTSUPP;
+        if ( is_hvm_domain(e) )
+            ret = xsm_set_target(XSM_HOOK, d, e);
+        if ( ret )
+        {
             put_domain(e);
             break;
         }
-- 
2.30.2