On XEN_DOMCTL_create_domain, we need to pass the ssidref parameter to xsm_domctl,
currently, it is always passed regardless of what command we actually do (meaning
that we are likely to pass garbage in !XEN_DOMCTL_create_domain).
Pass ssidref from u.createdomain only for create_domain command, 0 otherwise.
No functionnal change as ssidref parameter is ignored for non-XEN_DOMCTL_create_domain
commands.
Fixes: ee32b9b29af449d38aad0a1b3a81aaae586f5ea7 ("XSM/domctl: Fix permission checks on XEN_DOMCTL_createdomain")
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
---
xen/common/domctl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index ea16b75910..313022fe01 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -281,6 +281,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo,
long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
long ret = 0;
+ uint32_t ssidref = 0; /* SSIDRef only applicable for cmd == createdomain */
bool copyback = false;
struct xen_domctl curop, *op = &curop;
struct domain *d;
@@ -295,6 +296,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
{
case XEN_DOMCTL_createdomain:
d = NULL;
+ ssidref = op->u.createdomain.ssidref;
break;
case XEN_DOMCTL_assign_device:
@@ -322,9 +324,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
break;
}
- ret = xsm_domctl(XSM_OTHER, d, op->cmd,
- /* SSIDRef only applicable for cmd == createdomain */
- op->u.createdomain.ssidref);
+ ret = xsm_domctl(XSM_OTHER, d, op->cmd, ssidref);
if ( ret )
goto domctl_out_unlock_domonly;
--
2.45.2
Teddy Astie | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech