Hi Tamas,
Tamas K Lengyel <ta...@tklengyel.com> writes:

> On Mon, Mar 17, 2025 at 7:08 PM Volodymyr Babchuk
> <volodymyr_babc...@epam.com> wrote:
>>
>> A privileged domain can issue XEN_DOMCTL_vm_event_op with
>> op->domain == DOMID_INVALID. In this case the vm_event_domctl()
>> function will get NULL as the first parameter and this will
>> cause a hypervisor panic, as it tries to dereference this pointer.
>>
>> Fix the issue by checking if a valid domain is passed in.
>>
>> Signed-off-by: Volodymyr Babchuk <volodymyr_babc...@epam.com>
>>
>> ---
>>
>> This issue was found by the xen fuzzer ([1])
>>
>> [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babc...@epam.com/
>> ---
>>  xen/common/vm_event.c | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c
>> index fbf1aa0848..a4c233de52 100644
>> --- a/xen/common/vm_event.c
>> +++ b/xen/common/vm_event.c
>> @@ -600,6 +600,13 @@ int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec)
>>          return 0;
>>      }
>>
>> +    if ( unlikely(!d) )
>> +    {
>> +        gdprintk(XENLOG_INFO,
>> +                 "Tried to do a memory event op on invalid domain\n");
>
> This is not a memory event op?

Oh, this is a good catch. I absent-mindedly copied an error message from a
couple of lines below. Looks like we need another patch that fixes error
messages.

-- 
WBR, Volodymyr
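Review bot: the string in the new gdprintk() describes this as a "memory event op", but the function is vm_event_domctl() and the domctl being handled is XEN_DOMCTL_vm_event_op, so the log line misnames the path it guards; suggest wording it as a vm_event op, e.g. "Tried to do a vm_event op on invalid domain\n", so the message matches the subsystem it is printed from. Two further points on the same hunk: the new `if ( unlikely(!d) )` check sits after the `return 0; }` context above it, so whichever op returns early there must already be safe to run with d == NULL, which is worth confirming in the commit message; and the quoted hunk stops at the gdprintk() line, so the error code returned from the new block is not visible here and cannot be reviewed from this excerpt.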