On 30.10.2010, at 11:55, Vasiliy Kulikov wrote: > Structure kvm_ppc_pvinfo is copied to userland with "flags" and "pad" > fields unitialized. It leads to leaking of contents of kernel stack > memory. We have to initialize them to zero. > > In patch v1 Jan Kiszka suggested to fill reserved fields with zeros > instead of memset'ting the whole struct. It makes sense as these > fields are explicitly marked as padding. No more fields need zeroing. > > Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx> > --- > arch/powerpc/kvm/powerpc.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c > index 2f87a16..5962336 100644 > --- a/arch/powerpc/kvm/powerpc.c > +++ b/arch/powerpc/kvm/powerpc.c > @@ -604,6 +604,8 @@ static int kvm_vm_ioctl_get_pvinfo(struct kvm_ppc_pvinfo *pvinfo) > pvinfo->hcall[1] = inst_ori | (KVM_SC_MAGIC_R0 & inst_imm_mask); > pvinfo->hcall[2] = inst_sc; > pvinfo->hcall[3] = inst_nop; > + pvinfo->flags = 0; > + memset(&pvinfo->pad, 0, sizeof(pvinfo->pad)); This should only be memset(pvinfo->pad), no? It's an array after all which automatically translates to a pointer when referenced. Alex -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
