On Mon, Mar 17, 2025 at 7:08 PM Volodymyr Babchuk
<volodymyr_babc...@epam.com> wrote:
>
> A privileged domain can issue XEN_DOMCTL_vm_event_op with
> op->domain == DOMID_INVALID. In this case vm_event_domctl()
> function will get NULL as the first parameter and this will
> cause hypervisor panic, as it tries to dereference this pointer.
>
> Fix the issue by checking if a valid domain is passed in.
>
> Signed-off-by: Volodymyr Babchuk <volodymyr_babc...@epam.com>
>
> ---
>
> This issue was found by the Xen fuzzer ([1]).
>
> [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babc...@epam.com/
> ---
>  xen/common/vm_event.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
> index fbf1aa0848..a4c233de52 100644
> --- a/xen/common/vm_event.c
> +++ b/xen/common/vm_event.c
> @@ -600,6 +600,13 @@ int vm_event_domctl(struct domain *d, struct 
> xen_domctl_vm_event_op *vec)
>          return 0;
>      }
>
> +    if ( unlikely(!d) )
> +    {
> +        gdprintk(XENLOG_INFO,
> +                 "Tried to do a memory event op on invalid domain\n");
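Review bot: the gdprintk() message in this hunk says "memory event op", but vm_event_domctl() is the handler for XEN_DOMCTL_vm_event_op, so the wording is misleading in the log; suggest "Tried to do a vm_event op on invalid domain\n" to match the function being guarded. The `if ( unlikely(!d) )` test itself is the right shape for the DOMID_INVALID case the commit message describes, since it rejects the NULL pointer before anything in the function touches it; as quoted here the hunk ends at the gdprintk() line, so the error value returned on this path is not visible and should be checked in the full patch.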

This is not a memory event op?

Tamas
