[PATCH] xen: vm_event: do not do vm_event_op for an invalid domain
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Date: Mon, 17 Mar 2025 23:08:08 +0000
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>
- Delivery-date: Mon, 17 Mar 2025 23:08:23 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
A privileged domain can issue XEN_DOMCTL_vm_event_op with
op->domain == DOMID_INVALID. In this case the vm_event_domctl()
function will get NULL as the first parameter and this will
cause a hypervisor panic, as it tries to dereference this pointer.
Fix the issue by checking if a valid domain is passed in.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
---
This issue was found by the xen fuzzer ([1])
[1]
https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babchuk@xxxxxxxx/
---
xen/common/vm_event.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
index fbf1aa0848..a4c233de52 100644
--- a/xen/common/vm_event.c
+++ b/xen/common/vm_event.c
@@ -600,6 +600,13 @@ int vm_event_domctl(struct domain *d, struct
xen_domctl_vm_event_op *vec)
return 0;
}
+ if ( unlikely(!d) )
+ {
+ gdprintk(XENLOG_INFO,
+ "Tried to do a memory event op on invalid domain\n");
+ return -EINVAL;
+ }
+
rc = xsm_vm_event_control(XSM_PRIV, d, vec->mode, vec->op);
if ( rc )
return rc;
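
Review bot: the !d check is placed after the block that ends in "return 0;" at the top of the hunk, so whatever that earlier path does still runs with d == NULL; either move the check above it or add a comment stating that the earlier path is meant to work without a domain and never touches d. Separately, the gdprintk() string says "memory event op" while the function is vm_event_domctl() and the commit message names XEN_DOMCTL_vm_event_op, so wording it as "vm_event op on invalid domain" would match the interface name when someone searches the log.
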
--
2.48.1