On 19.02.2026 15:37, Daniel P. Smith wrote:
> When using XSM Flask, passing DOMID_INVALID will result in a NULL pointer
> reference from the passing of NULL as the target domain to
> xsm_get_domain_state(). Simply not invoking xsm_get_domain_state() when the
> target domain is NULL opens the opportunity to circumvent the XSM
> get_domain_state access check. This is due to the fact that the call to
> xsm_domctl() for get_domain_state op is a no-op check, deferring to
> xsm_get_domain_state().
>
> Modify the helper get_domain_state() to ensure the requesting domain has
> get_domain_state access for the target domain, whether the target domain is
> explicitly set or implicitly determined with a domain state search. In the
> case
> of access not being allowed for a domain found during an implicit search, the
> search will continue to the next domain whose state has changed.
>
> Fixes: 3ad3df1bd0aa ("xen: add new domctl get_domain_state")
> Reported-by: Chris Rogers <[email protected]>
> Reported-by: Dmytro Firsov <[email protected]>
> Signed-off-by: Daniel P. Smith <[email protected]>
Reviewed-by: Jan Beulich <[email protected]>
