KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
author Liran Alon <[email protected]>
Wed, 7 Nov 2018 22:43:06 +0000 (00:43 +0200)
committer Paolo Bonzini <[email protected]>
Tue, 27 Nov 2018 11:49:57 +0000 (12:49 +0100)
kvm_pv_clock_pairing() allocates local var
"struct kvm_clock_pairing clock_pairing" on stack and initializes
all its fields besides padding (clock_pairing.pad[]).

Because clock_pairing var is written completely (including padding)
to guest memory, failure to init struct padding results in kernel
info-leak.

Fix the issue by making sure to also init the padding with zeroes.

Fixes: 55dd00a73a51 ("KVM: x86: add KVM_HC_CLOCK_PAIRING hypercall")
Reported-by: [email protected]
Reviewed-by: Mark Kanda <[email protected]>
Signed-off-by: Liran Alon <[email protected]>
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
arch/x86/kvm/x86.c

index 64cae03b2c20a664bee55e87a7d44b42a08e0ca3..7e4be1f2f253d767ab071a0712b6a5c7618817f5 100644
@@ -6918,6 +6918,7 @@ static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr,
        clock_pairing.nsec = ts.tv_nsec;
        clock_pairing.tsc = kvm_read_l1_tsc(vcpu, cycle);
        clock_pairing.flags = 0;
+       memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad));
 
        ret = 0;
        if (kvm_write_guest(vcpu->kvm, paddr, &clock_pairing,
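Review bot: the added `memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad));` zeroes only the declared pad[] array, so any compiler-inserted padding between the other fields would still be uninitialized stack memory, and the whole struct is still copied to guest memory by the kvm_write_guest() call in the trailing context. A single `memset(&clock_pairing, 0, sizeof(clock_pairing));` placed before the field assignments (sec, nsec, tsc, flags) would cover both the explicit pad[] and any implicit padding, and would not need revisiting if the struct layout changes later. If the current struct has no implicit padding, a short comment saying so next to the memset would make that assumption explicit for future readers.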