Re: [PATCH] xen: vm_event: do not do vm_event_op for an invalid domain


  • To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Tue, 18 Mar 2025 00:01:31 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 18 Mar 2025 00:01:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Tamas,


Tamas K Lengyel <tamas@xxxxxxxxxxxxx> writes:

> On Mon, Mar 17, 2025 at 7:08 PM Volodymyr Babchuk
> <Volodymyr_Babchuk@xxxxxxxx> wrote:
>>
>> A privileged domain can issue XEN_DOMCTL_vm_event_op with
>> op->domain == DOMID_INVALID. In this case vm_event_domctl()
>> function will get NULL as the first parameter and this will
>> cause hypervisor panic, as it tries to dereference this pointer.
>>
>> Fix the issue by checking if a valid domain is passed in.
>>
>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>>
>> ---
>>
>> This issue was found by the xen fuzzer ([1])
>>
>> [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babchuk@xxxxxxxx/
>> ---
>>  xen/common/vm_event.c | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
>> index fbf1aa0848..a4c233de52 100644
>> --- a/xen/common/vm_event.c
>> +++ b/xen/common/vm_event.c
>> @@ -600,6 +600,13 @@ int vm_event_domctl(struct domain *d, struct 
>> xen_domctl_vm_event_op *vec)
>>          return 0;
>>      }
>>
>> +    if ( unlikely(!d) )
>> +    {
>> +        gdprintk(XENLOG_INFO,
>> +                 "Tried to do a memory event op on invalid domain\n");
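Review bot: The message passed to gdprintk() in the new !d branch says "memory event op", but this branch sits in vm_event_domctl() and rejects a XEN_DOMCTL_vm_event_op request, so the text should name a vm_event op, for example "Tried to do a vm_event op on invalid domain\n". The quoted hunk stops at this line, so the error return that has to follow the message is not visible here; whatever the branch does, it must return before any later code in the function dereferences d.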
>
> This is not a memory event op?

Oh, this is a good catch. I absent-mindedly copied an error message from a
couple of lines below. Looks like we need another patch that fixes error
messages.


--
WBR, Volodymyr

 

