On 11/10/21 16:37, Emanuele Giuseppe Esposito wrote:
ZE)) return -EFAULT;
- if (copy_to_user(&user_vmcb->control, &svm->nested.ctl,
+ nested_copy_vmcb_cache_to_control(&ctl_temp, &svm->nested.ctl);
+ if (copy_to_user(&user_vmcb->control, &ctl_temp,
sizeof(user_vmcb->control)))
return -EFAULT;
This needs a memset of ctl_temp so that kernel memory contents are not leaked to userspace: copy_to_user() copies the whole struct, so any bytes that nested_copy_vmcb_cache_to_control() does not write (padding, or fields the helper does not fill in) would otherwise carry uninitialized stack contents to userspace. However, it's also better to avoid large structs on the stack, and do a quick kzalloc/kfree instead (kzalloc zeroes the allocation, which covers the same concern):

- nested_copy_vmcb_cache_to_control(&ctl_temp, &svm->nested.ctl);
- if (copy_to_user(&user_vmcb->control, &ctl_temp,
- sizeof(user_vmcb->control)))
+
+ ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
+ if (!ctl)
+ return -ENOMEM;
+ nested_copy_vmcb_cache_to_control(ctl, &svm->nested.ctl);
+ r = copy_to_user(&user_vmcb->control, ctl,
+ sizeof(user_vmcb->control));
+ kfree(ctl);
+ if (r)
return -EFAULT;

I can also make this change myself when committing.

Paolo