
Re: [PATCH] xen: vm_event: do not do vm_event_op for an invalid domain


  • To: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
  • Date: Mon, 17 Mar 2025 19:51:58 -0400
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 17 Mar 2025 23:52:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Mar 17, 2025 at 7:08 PM Volodymyr Babchuk
<Volodymyr_Babchuk@xxxxxxxx> wrote:
>
> A privileged domain can issue XEN_DOMCTL_vm_event_op with
> op->domain == DOMID_INVALID. In this case the vm_event_domctl()
> function will get NULL as the first parameter and this will
> cause a hypervisor panic, as it tries to dereference this pointer.
>
> Fix the issue by checking if a valid domain is passed in.
>
> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>
> ---
>
> This issue was found by the xen fuzzer ([1])
>
> [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babchuk@xxxxxxxx/
> ---
>  xen/common/vm_event.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
> index fbf1aa0848..a4c233de52 100644
> --- a/xen/common/vm_event.c
> +++ b/xen/common/vm_event.c
> @@ -600,6 +600,13 @@ int vm_event_domctl(struct domain *d, struct 
> xen_domctl_vm_event_op *vec)
>          return 0;
>      }
>
> +    if ( unlikely(!d) )
> +    {
> +        gdprintk(XENLOG_INFO,
> +                 "Tried to do a memory event op on invalid domain\n");
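
Review bot: The gdprintk text in the new `!d` branch says "memory event op", but the function is vm_event_domctl() and the request is XEN_DOMCTL_vm_event_op, so the message should read "vm_event op" to match what someone searching the hypervisor log would look for. The quoted hunk stops before the branch's return statement, so the error code cannot be checked from what is shown; the branch needs to return an error rather than fall through to code that uses d. The context lines above the new check close an earlier branch with `return 0;`, so it is also worth confirming that this earlier path never dereferences d when it is NULL.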

This is not a memory event op?

Tamas



 

