vmd: fix vmctl pause for non existing vm ids (never returns)

check if vm id is valid before sending to vmm for pausing. The 'lock' is caused
by vmm sending back ENOENT for a non existent vm but vmd drops the message
because it doesn't recogize the vmid vmm is talking about. This is an artifact
of the 'policy' don't trust any imsg from a sibling priv sep process and do
your own checking.

reported by Abel Abraham Camarillo Ojeda
ok mlarkin@ and ccardenas@

diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c
index c0499e0..b987b1b 100644 (file)
--- a/usr.sbin/vmd/vmd.c
+++ b/usr.sbin/vmd/vmd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: vmd.c,v 1.79 2018/01/10 14:59:59 sthen Exp $  */
+/*     $OpenBSD: vmd.c,v 1.80 2018/02/18 01:00:25 pd Exp $     */
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -186,6 +186,10 @@ vmd_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
                        } else {
                                vid.vid_id = vm->vm_vmid;
                        }
+               } else if (vm_getbyid(vid.vid_id) == NULL) {
+                       res = ENOENT;
+                       cmd = IMSG_VMDOP_PAUSE_VM_RESPONSE;
+                       break;
                }
                proc_compose_imsg(ps, PROC_VMM, -1, imsg->hdr.type,
                    imsg->hdr.peerid, -1, &vid, sizeof(vid));