Patch "KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 01 Feb 2022 18:54:13 +0100

This is a note to let you know that I've just added the patch titled

    KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-fix-misplaced-backport-of-work-around-leak-of-uninitialized-stack-contents.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From guillaume.bertholon@xxxxxx  Tue Feb  1 18:51:26 2022
From: Guillaume Bertholon <guillaume.bertholon@xxxxxx>
Date: Tue,  1 Feb 2022 18:17:51 +0100
Subject: KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"
To: gregkh@xxxxxxxxxxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx, Guillaume Bertholon <guillaume.bertholon@xxxxxx>
Message-ID: <1643735871-15065-1-git-send-email-guillaume.bertholon@xxxxxx>

From: Guillaume Bertholon <guillaume.bertholon@xxxxxx>

The upstream commit 541ab2aeb282 ("KVM: x86: work around leak of
uninitialized stack contents") resets `exception` in the function
`kvm_write_guest_virt_system`.
However, its backported version in stable (commit ba7f1c934f2e
("KVM: x86: work around leak of uninitialized stack contents")) applied
the change in `emulator_write_std` instead.

This patch moves the memset instruction back to
`kvm_write_guest_virt_system`.

Fixes: ba7f1c934f2e ("KVM: x86: work around leak of uninitialized stack contents")
Signed-off-by: Guillaume Bertholon <guillaume.bertholon@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/x86.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4417,13 +4417,6 @@ static int emulator_write_std(struct x86
 	if (!system && kvm_x86_ops->get_cpl(vcpu) == 3)
 		access |= PFERR_USER_MASK;
 
-	/*
-	 * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
-	 * is returned, but our callers are not ready for that and they blindly
-	 * call kvm_inject_page_fault.  Ensure that they at least do not leak
-	 * uninitialized kernel stack memory into cr2 and error code.
-	 */
-	memset(exception, 0, sizeof(*exception));
 	return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
 					   access, exception);
 }
@@ -4431,6 +4424,13 @@ static int emulator_write_std(struct x86
 int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,
 				unsigned int bytes, struct x86_exception *exception)
 {
+	/*
+	 * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
+	 * is returned, but our callers are not ready for that and they blindly
+	 * call kvm_inject_page_fault.  Ensure that they at least do not leak
+	 * uninitialized kernel stack memory into cr2 and error code.
+	 */
+	memset(exception, 0, sizeof(*exception));
 	return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
 					   PFERR_WRITE_MASK, exception);
 }


Patches currently in stable-queue which might be from guillaume.bertholon@xxxxxx are

queue-4.4/bluetooth-mgmt-fix-misplaced-bt_hs-check.patch
queue-4.4/revert-tc358743-fix-register-i2c_rd-wr-function-fix.patch
queue-4.4/kvm-x86-fix-misplaced-backport-of-work-around-leak-of-uninitialized-stack-contents.patch
queue-4.4/revert-drm-radeon-ci-disable-mclk-switching-for-high-refresh-rates-v2.patch






