From: "Daniel P. Smith"
To: xen-devel@lists.xenproject.org
Cc: "Daniel P. Smith", Chris Rogers, Dmytro Firsov, Andrew Cooper, Anthony PERARD, Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné, Stefano Stabellini
Subject: [BUG v3] common/domctl: xsm update for get_domain_state access
Date: Thu, 19 Feb 2026 09:37:07 -0500
Message-Id: <20260219143707.1588-1-dpsmith@apertussolutions.com>

When using XSM Flask, passing DOMID_INVALID will result in a NULL pointer reference from the passing of NULL as the target domain to xsm_get_domain_state(). Simply not invoking xsm_get_domain_state() when the target domain is NULL opens the opportunity to circumvent the XSM get_domain_state access check. This is due to the fact that the call to xsm_domctl() for the get_domain_state op is a no-op check, deferring to xsm_get_domain_state().

Modify the helper get_domain_state() to ensure the requesting domain has get_domain_state access for the target domain, whether the target domain is explicitly set or implicitly determined with a domain state search. In the case of access not being allowed for a domain found during an implicit search, the search will continue to the next domain whose state has changed.

Fixes: 3ad3df1bd0aa ("xen: add new domctl get_domain_state")
Reported-by: Chris Rogers
Reported-by: Dmytro Firsov
Signed-off-by: Daniel P. Smith Reviewed-by: Jan Beulich --- Changes in v3: - collapse if statements - dropped unnecessary NULL - use true for copyback Changes in v2: - fix commit message - init dom as -1 - rework loop logic to use test_and_clear_bit() --- xen/common/domain.c | 37 ++++++++++++++++++++++--------------- xen/common/domctl.c | 7 ++----- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/xen/common/domain.c b/xen/common/domain.c index de6fdf59236e..73d6c72d9709 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -210,7 +210,7 @@ static void set_domain_state_info(struct xen_domctl_get= _domain_state *info, int get_domain_state(struct xen_domctl_get_domain_state *info, struct doma= in *d, domid_t *domid) { - unsigned int dom; + unsigned int dom =3D -1; int rc =3D -ENOENT; struct domain *hdl; =20 @@ -219,6 +219,10 @@ int get_domain_state(struct xen_domctl_get_domain_stat= e *info, struct domain *d, =20 if ( d ) { + rc =3D xsm_get_domain_state(XSM_XS_PRIV, d); + if ( rc ) + return rc; + set_domain_state_info(info, d); =20 return 0; @@ -238,28 +242,31 @@ int get_domain_state(struct xen_domctl_get_domain_sta= te *info, struct domain *d, =20 while ( dom_state_changed ) { - dom =3D find_first_bit(dom_state_changed, DOMID_MASK + 1); + dom =3D find_next_bit(dom_state_changed, DOMID_MASK + 1, dom + 1); if ( dom >=3D DOMID_FIRST_RESERVED ) break; - if ( test_and_clear_bit(dom, dom_state_changed) ) - { - *domid =3D dom; - - d =3D rcu_lock_domain_by_id(dom); =20 + d =3D rcu_lock_domain_by_id(dom); + if ( (d && xsm_get_domain_state(XSM_XS_PRIV, d)) || + !test_and_clear_bit(dom, dom_state_changed) ) + { if ( d ) - { - set_domain_state_info(info, d); - rcu_unlock_domain(d); - } - else - memset(info, 0, sizeof(*info)); + continue; + } =20 - rc =3D 0; + *domid =3D dom; =20 - break; + if ( d ) + { + set_domain_state_info(info, d); + rcu_unlock_domain(d); } + else + memset(info, 0, sizeof(*info)); + + rc =3D 0; + break; } =20 out: 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 29a7726d32d0..93738931c575 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -860,12 +860,9 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_= domctl) break; =20 case XEN_DOMCTL_get_domain_state: - ret =3D xsm_get_domain_state(XSM_XS_PRIV, d); - if ( ret ) - break; - - copyback =3D 1; ret =3D get_domain_state(&op->u.get_domain_state, d, &op->domain); + if ( !ret ) + copyback =3D true; break; =20 default: --=20 2.39.5
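Review bot: in the first domain.c hunk, `unsigned int dom = -1;` only works because the later `find_next_bit(dom_state_changed, DOMID_MASK + 1, dom + 1)` relies on `dom + 1` wrapping to 0 on the first pass. That is well defined for an unsigned type, but a one-line comment at the declaration (or spelling it `~0U`) would keep the next reader from "fixing" the initialiser and silently skipping domain 0.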
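Review bot: the explicit-target branch in the second domain.c hunk returns the XSM result straight to the caller, which preserves what the removed check in do_domctl() did, but the behaviour is now asymmetric and undocumented: an explicit target the caller may not query fails with the XSM error, while the implicit search in the next hunk silently skips such domains (`continue`) and can finish with the initial `rc = -ENOENT`. The comment describing XEN_DOMCTL_get_domain_state in the public domctl header should state both outcomes so toolstack code does not treat `-ENOENT` as "no domain changed" when it may mean "nothing you are allowed to see changed".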
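Review bot: the reject path in the third domain.c hunk looks wrong as shown. Right after `d = rcu_lock_domain_by_id(dom);` the block reads `{ if ( d ) continue; }`, so a domain that the XSM check denies is skipped with its RCU reference still held (no `rcu_unlock_domain(d)` is visible on that path), and when `d` is NULL but `test_and_clear_bit()` returns false (the bit was already consumed) nothing skips at all: control falls through to `*domid = dom;`, `memset(info, 0, sizeof(*info));`, `rc = 0;` and reports an id whose change nobody just cleared, which the pre-patch loop did not do. Suggest making the body of that block `if ( d ) rcu_unlock_domain(d); continue;` so both cases move on to the next bit, and keeping the `continue` for the already-cleared case regardless of `d`.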
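Review bot: the domctl.c hunk changes what a failing caller gets back and the commit message does not say so. Before, `copyback = 1;` was set ahead of the call, so `op` was copied back to the guest even when get_domain_state() returned `-ENOENT`; now `copyback = true;` happens only when `!ret`. Not copying a partially filled `op` back on failure is the safer behaviour, so this is fine, but it deserves a sentence in the description, together with the note that a caller denied on every changed domain now sees `-ENOENT` rather than the XSM error, which is what keeps the skip in get_domain_state() from revealing which domains exist.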
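The access-filtered search the commit message describes, written out as an added single-threaded model so the three cases (explicit target, implicit search over changed domains, destroyed domain with a pending change bit) can be run and checked. This is not Xen's code and none of the names are Xen's: `doms`, `changed`, `lookup()`, `access_check()`, `find_next_changed()` and `get_domain_state_model()` are constructed stand-ins for the domain table, `dom_state_changed`, `rcu_lock_domain_by_id()`, `xsm_get_domain_state()`, `find_next_bit()` and `get_domain_state()`; the sample scenario in `setup_sample()` is constructed too. The point it shows beyond the patch text: the policy hook is never called with a NULL domain, a denied domain keeps its change bit for a caller that is allowed to see it, and the search ends in `-ENOENT` once only denied bits remain.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not Xen code. */
#define NR_DOMS      16u         /* stand-in for DOMID_MASK + 1 */
#define DOM_INVALID  0xFFFFu     /* stand-in for DOMID_INVALID */

struct model_domain {
    bool alive;                  /* false: id is free (domain destroyed) */
    bool requester_may_query;    /* what policy says for the calling domain */
};

static struct model_domain doms[NR_DOMS];  /* constructed domain table */
static unsigned long changed;              /* bit i set: domain i's state changed */

/* Stand-in for rcu_lock_domain_by_id(): NULL when the id has no live domain. */
static struct model_domain *lookup(unsigned int id)
{
    return (id < NR_DOMS && doms[id].alive) ? &doms[id] : NULL;
}

/* Stand-in for the XSM hook: callers must never hand it a NULL domain. */
static int access_check(const struct model_domain *d)
{
    return d->requester_may_query ? 0 : -EPERM;
}

/* Stand-in for find_next_bit(): first set bit at or after start, else NR_DOMS. */
static unsigned int find_next_changed(unsigned int start)
{
    for (unsigned int i = start; i < NR_DOMS; i++)
        if (changed & (1UL << i))
            return i;
    return NR_DOMS;
}

/*
 * Explicit target: check access, then report it.
 * DOM_INVALID: report the next changed domain the caller may query.
 * Denied domains keep their change bit; a changed id with no live domain
 * is reported with *out_alive == false (the patch zeroes the info block).
 */
int get_domain_state_model(unsigned int target, unsigned int *out_id,
                           bool *out_alive)
{
    struct model_domain *d;
    unsigned int dom = ~0u;      /* dom + 1 wraps to 0 on the first pass (the patch writes -1) */

    if (target != DOM_INVALID) {
        d = lookup(target);
        if (!d)
            return -ESRCH;
        int rc = access_check(d);            /* never reached with d == NULL */
        if (rc)
            return rc;
        *out_id = target;
        *out_alive = true;
        return 0;
    }

    while (changed) {
        dom = find_next_changed(dom + 1);
        if (dom >= NR_DOMS)
            break;                           /* only denied ids remain */
        d = lookup(dom);
        if (d && access_check(d))
            continue;                        /* denied: bit stays set, move on */
        changed &= ~(1UL << dom);            /* consume; Xen uses an atomic test_and_clear_bit() */
        *out_id = dom;
        *out_alive = (d != NULL);
        return 0;
    }
    return -ENOENT;
}

/* Constructed scenario: domains 1, 2, 3 alive; caller may query 1 and 3 only;
 * change bits pending for 2, 3 and the already-destroyed id 5. */
void setup_sample(void)
{
    for (unsigned int i = 0; i < NR_DOMS; i++)
        doms[i] = (struct model_domain){ .alive = false, .requester_may_query = false };
    doms[1] = (struct model_domain){ .alive = true, .requester_may_query = true };
    doms[2] = (struct model_domain){ .alive = true, .requester_may_query = false };
    doms[3] = (struct model_domain){ .alive = true, .requester_may_query = true };
    changed = (1UL << 2) | (1UL << 3) | (1UL << 5);
}

unsigned long pending_changed(void)
{
    return changed;
}

int main(void)
{
    unsigned int id = 0;
    bool alive = false;
    int rc;

    setup_sample();
    while ((rc = get_domain_state_model(DOM_INVALID, &id, &alive)) == 0)
        printf("changed domain %u (%s)\n", id, alive ? "alive" : "destroyed");
    printf("search ended with %d; bits still pending: 0x%lx\n", rc, pending_changed());
    printf("explicit query of domain 2 -> %d\n", get_domain_state_model(2, &id, &alive));
    return 0;
}
```

Run as is, the search reports domain 3 and then the destroyed id 5, skips domain 2 every time, and ends with `-ENOENT` while bit 2 is still pending; querying domain 2 explicitly fails with the policy error instead. A denied caller therefore cannot tell a skipped domain from "nothing changed" through the search path, which is the information-hiding property the patch's skip-and-continue gives.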