This is a note to let you know that I've just added the patch titled KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents" to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: kvm-x86-fix-misplaced-backport-of-work-around-leak-of-uninitialized-stack-contents.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From guillaume.bertholon@xxxxxx Tue Feb 1 18:51:26 2022 From: Guillaume Bertholon <guillaume.bertholon@xxxxxx> Date: Tue, 1 Feb 2022 18:17:51 +0100 Subject: KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents" To: gregkh@xxxxxxxxxxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx, Guillaume Bertholon <guillaume.bertholon@xxxxxx> Message-ID: <1643735871-15065-1-git-send-email-guillaume.bertholon@xxxxxx> From: Guillaume Bertholon <guillaume.bertholon@xxxxxx> The upstream commit 541ab2aeb282 ("KVM: x86: work around leak of uninitialized stack contents") resets `exception` in the function `kvm_write_guest_virt_system`. However, its backported version in stable (commit ba7f1c934f2e ("KVM: x86: work around leak of uninitialized stack contents")) applied the change in `emulator_write_std` instead. This patch moves the memset instruction back to `kvm_write_guest_virt_system`. Fixes: ba7f1c934f2e ("KVM: x86: work around leak of uninitialized stack contents") Signed-off-by: Guillaume Bertholon <guillaume.bertholon@xxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/x86.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4417,13 +4417,6 @@ static int emulator_write_std(struct x86 if (!system && kvm_x86_ops->get_cpl(vcpu) == 3) access |= PFERR_USER_MASK; - /* - * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED - * is returned, but our callers are not ready for that and they blindly - * call kvm_inject_page_fault. Ensure that they at least do not leak - * uninitialized kernel stack memory into cr2 and error code. - */ - memset(exception, 0, sizeof(*exception)); return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, access, exception); } @@ -4431,6 +4424,13 @@ static int emulator_write_std(struct x86 int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val, unsigned int bytes, struct x86_exception *exception) { + /* + * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED + * is returned, but our callers are not ready for that and they blindly + * call kvm_inject_page_fault. Ensure that they at least do not leak + * uninitialized kernel stack memory into cr2 and error code. + */ + memset(exception, 0, sizeof(*exception)); return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, PFERR_WRITE_MASK, exception); } Patches currently in stable-queue which might be from guillaume.bertholon@xxxxxx are queue-4.4/bluetooth-mgmt-fix-misplaced-bt_hs-check.patch queue-4.4/revert-tc358743-fix-register-i2c_rd-wr-function-fix.patch queue-4.4/kvm-x86-fix-misplaced-backport-of-work-around-leak-of-uninitialized-stack-contents.patch queue-4.4/revert-drm-radeon-ci-disable-mclk-switching-for-high-refresh-rates-v2.patch