A toolstack is expected to use XEN_DOMCTL_hypercall_init where applicable to construct a new guest, but is absolutely not expected to use it against itself. Kernels have a stable ABI for accessing the same functionality, via MSR 0x40000000.
Found when auditing hypercalls for Host UEFI-SecureBoot safety. Reported-by: Frediano Ziglio <frediano.zig...@cloud.com> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> --- CC: Anthony PERARD <anthony.per...@vates.tech> CC: Michal Orzel <michal.or...@amd.com> CC: Jan Beulich <jbeul...@suse.com> CC: Julien Grall <jul...@xen.org> CC: Roger Pau Monné <roger....@citrix.com> CC: Stefano Stabellini <sstabell...@kernel.org> CC: Ross Lagerwall <ross.lagerw...@citrix.com> CC: Frediano Ziglio <frediano.zig...@cloud.com> --- xen/arch/x86/domctl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 3044f706de1c..bf1ee4ed51a0 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -372,6 +372,14 @@ long arch_do_domctl( struct page_info *page; void *hypercall_page; + /* + * Kernels should use the MSR method to get a hypercall page. The + * toolstack should not be using the DOMCTL on itself. + */ + ret = -EINVAL; + if ( d == currd ) + break; + page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC); if ( !page || !get_page_type(page, PGT_writable_page) ) base-commit: 68797a710f4e91cc09fe5650ee14478316010f88 -- 2.39.5
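Review bot: in the hunk in arch_do_domctl(), `ret = -EINVAL;` is assigned unconditionally ahead of `if ( d == currd ) break;`, so the success path relies on the code after the visible `get_page_from_gfn()` / `get_page_type()` check reassigning `ret`; please confirm that it does, otherwise a legitimate call against another domain would also return -EINVAL. The hunk also does not show where `currd` is declared, so check it is already in scope in this function rather than only in the unshown context. Since a self-targeting call is being refused as a matter of policy rather than as a malformed argument, `-EPERM` would describe the rejection more accurately than `-EINVAL`, and the new comment could say in one line why a toolstack writing a hypercall page into its own memory is undesirable (the commit message's Host UEFI Secure Boot motivation), so that the check is not later loosened by someone who only reads the code.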