A toolstack is expected to use XEN_DOMCTL_hypercall_init where applicable to
construct a new guest, but is absolutely not expected to use it against
itself.  Kernels have a stable ABI for accessing the same functionality, via
MSR 0x40000000.

Found when auditing hypercalls for Host UEFI-SecureBoot safety.

Reported-by: Frediano Ziglio <[email protected]>
Signed-off-by: Andrew Cooper <[email protected]>
---
CC: Anthony PERARD <[email protected]>
CC: Michal Orzel <[email protected]>
CC: Jan Beulich <[email protected]>
CC: Julien Grall <[email protected]>
CC: Roger Pau Monné <[email protected]>
CC: Stefano Stabellini <[email protected]>
CC: Ross Lagerwall <[email protected]>
CC: Frediano Ziglio <[email protected]>
---
 xen/arch/x86/domctl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 3044f706de1c..bf1ee4ed51a0 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -372,6 +372,14 @@ long arch_do_domctl(
         struct page_info *page;
         void *hypercall_page;
 
+        /*
+         * Kernels should use the MSR method to get a hypercall page.  The
+         * toolstack should not be using the DOMCTL on itself.
+         */
+        ret = -EINVAL;
+        if ( d == currd )
+            break;
+
         page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
 
         if ( !page || !get_page_type(page, PGT_writable_page) )
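Review bot: the new early exit in this hunk sets `ret = -EINVAL` before the `if ( d == currd ) break;`, so the existing success path further down must still overwrite `ret` (with 0 or the result of the page setup); the visible context ends at the `get_page_from_gfn()` / `get_page_type()` checks and does not show that assignment, so please confirm it, or move the `-EINVAL` assignment inside the `if`. Likewise `currd` is not declared in any line shown here; it should be the `struct domain *currd = current->domain;` local of `arch_do_domctl()`, which is worth confirming since the hunk otherwise reads as a bare use. As a readability point, the comment could name the actual mechanism the commit message cites, e.g. `* Kernels should use the MSR method (MSR 0x40000000, discovered via the`, `* Xen CPUID leaves) to get a hypercall page.  The toolstack should not be`, `* using the DOMCTL on itself.`, so the rationale is visible in domctl.c without the changelog.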

base-commit: 68797a710f4e91cc09fe5650ee14478316010f88
-- 
2.39.5
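The commit message says kernels already have a stable ABI for installing a hypercall page via MSR 0x40000000 rather than via the DOMCTL. The following is an added example, not code from this patch, from Xen, or from any guest kernel, showing how a guest is expected to locate that MSR: scan the hypervisor CPUID leaves (spaced 0x100 apart) for the `XenVMMXenVMM` signature, read the hypercall-page leaf at base+2 to obtain the page count and the MSR index, and build the value to write (guest physical address of the page, low 12 bits selecting the page index). The `cpuid_fn` indirection and the `constructed_cpuid` table are assumptions made so the logic runs in userspace; a real kernel executes CPUID directly and then WRMSR. The constructed table places a Viridian leaf at 0x40000000 and Xen at 0x40000100 to show why the MSR index must be discovered rather than hardcoded.

```c
/*
 * Added example: guest-side discovery of the Xen hypercall-page MSR.
 * Not part of the patch, Xen, or any kernel; the CPUID indirection and the
 * constructed CPUID table below are assumptions so this runs in userspace.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)

/* CPUID output registers. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Hypothetical indirection: a real kernel would execute CPUID here. */
typedef struct cpuid_regs (*cpuid_fn)(uint32_t leaf);

/*
 * Scan the hypervisor leaf range for the Xen signature.  Leaves are spaced
 * 0x100 apart so Xen can sit behind a Viridian/Hyper-V leaf at 0x40000000.
 * Returns the Xen base leaf, or 0 if no Xen signature is found.
 */
uint32_t xen_cpuid_base(cpuid_fn cpuid)
{
    for (uint32_t base = 0x40000000; base < 0x40010000; base += 0x100) {
        struct cpuid_regs r = cpuid(base);
        char sig[13];

        memcpy(sig + 0, &r.ebx, 4);
        memcpy(sig + 4, &r.ecx, 4);
        memcpy(sig + 8, &r.edx, 4);
        sig[12] = '\0';

        /* eax is the highest leaf in this group; Xen defines base+2. */
        if (strcmp(sig, "XenVMMXenVMM") == 0 && r.eax >= base + 2)
            return base;
    }
    return 0;
}

/*
 * Leaf base+2 describes the hypercall transfer pages: eax is the number of
 * pages, ebx the MSR index the guest writes to install one.  Returns 0 on
 * success, -1 if Xen is not present.
 */
int xen_hypercall_msr(cpuid_fn cpuid, uint32_t *msr, uint32_t *npages)
{
    uint32_t base = xen_cpuid_base(cpuid);
    if (!base)
        return -1;
    struct cpuid_regs r = cpuid(base + 2);
    *npages = r.eax;
    *msr = r.ebx;
    return 0;
}

/*
 * Value written to the MSR: guest-physical address of the page, with the low
 * 12 bits selecting the (0-based) transfer page index.  Returns -1 for an
 * unaligned address or an index beyond what the leaf advertised.
 */
int xen_hypercall_msr_value(uint64_t page_paddr, uint32_t page_index,
                            uint32_t npages, uint64_t *val)
{
    if ((page_paddr & (PAGE_SIZE - 1)) || page_index >= npages)
        return -1;
    *val = page_paddr | page_index;
    return 0;
}

/* Constructed CPUID table: Viridian leaf first, Xen one group above it. */
struct cpuid_regs constructed_cpuid(uint32_t leaf)
{
    struct cpuid_regs r = {0, 0, 0, 0};
    switch (leaf) {
    case 0x40000000: /* "Microsoft Hv" occupies the first hypervisor slot. */
        r.eax = 0x40000005;
        memcpy(&r.ebx, "Micr", 4); memcpy(&r.ecx, "osof", 4); memcpy(&r.edx, "t Hv", 4);
        break;
    case 0x40000100: /* Xen signature leaf. */
        r.eax = 0x40000104;
        memcpy(&r.ebx, "XenV", 4); memcpy(&r.ecx, "MMXe", 4); memcpy(&r.edx, "nVMM", 4);
        break;
    case 0x40000102: /* One transfer page; MSR moved to 0x40000200 under Viridian. */
        r.eax = 1;
        r.ebx = 0x40000200;
        break;
    }
    return r;
}

/* Constructed table for a machine with no Xen signature at all. */
struct cpuid_regs constructed_cpuid_no_xen(uint32_t leaf)
{
    struct cpuid_regs r = {0, 0, 0, 0};
    (void)leaf;
    return r;
}

int main(void)
{
    uint32_t msr, npages;
    uint64_t val;

    if (xen_hypercall_msr(constructed_cpuid, &msr, &npages) == 0 &&
        xen_hypercall_msr_value(0x1000, 0, npages, &val) == 0)
        printf("wrmsr(%#x, %#llx)\n", msr, (unsigned long long)val);
    return 0;
}
```

The point for the patch at hand: this MSR path is what a kernel running inside the guest uses, and it needs nothing from the toolstack, so the DOMCTL only ever makes sense when aimed at a domain other than the caller.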