This is a note to let you know that I've just added the patch titled

    kvm: initialize all of the kvm_debugregs structure before sending it to userspace

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

From 2c10b61421a28e95a46ab489fd56c0f442ff6952 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2023 11:33:04 +0100
Subject: kvm: initialize all of the kvm_debugregs structure before sending it to userspace

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

commit 2c10b61421a28e95a46ab489fd56c0f442ff6952 upstream.

When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there
might be some uninitialized portions of the kvm_debugregs structure that
could be copied to userspace. Prevent this as is done in the other kvm
ioctls, by setting the whole structure to 0 before copying anything into
it.

Bonus is that this reduces the lines of code as the explicit flag
setting and reserved space zeroing out can be removed.

Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <x86@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxx>
Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Message-Id: <20230214103304.3689213-1-gregkh@xxxxxxxxxxxxxxxxxxx>
Tested-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/x86.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3419,12 +3419,11 @@ static void kvm_vcpu_ioctl_x86_get_debug { unsigned long val; + memset(dbgregs, 0, sizeof(*dbgregs)); memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; - dbgregs->flags = 0; - memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); } static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-4.14/nilfs2-fix-underflow-in-second-superblock-position-calculations.patch queue-4.14/usb-core-add-quirk-for-alcor-link-ak9563-smartcard-reader.patch queue-4.14/migrate-hugetlb-check-for-hugetlb-shared-pmd-in-node-migration.patch queue-4.14/fbcon-check-font-dimension-limits.patch queue-4.14/ipv6-fix-datagram-socket-connection-with-dscp.patch queue-4.14/revert-x86-fpu-use-_alignof-to-avoid-undefined-behavior-in-type_align.patch queue-4.14/net-usb-kalmia-don-t-pass-act_len-in-usb_bulk_msg-error-path.patch queue-4.14/watchdog-diag288_wdt-do-not-use-stack-buffers-for-hardware-data.patch queue-4.14/mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch queue-4.14/hugetlb-check-for-undefined-shift-on-32-bit-architectures.patch queue-4.14/serial-8250_dma-fix-dma-rx-rearm-race.patch queue-4.14/aio-fix-mremap-after-fork-null-deref.patch queue-4.14/mm-swapfile-add-cond_resched-in-get_swap_pages.patch queue-4.14/iio-adc-twl6030-enable-measurements-of-vusb-vbat-and-others.patch queue-4.14/net-usb-fix-wrong-direction-warning-in-plusb.c.patch queue-4.14/alsa-hda-conexant-add-a-new-hda-codec-sn6180.patch queue-4.14/efi-accept-version-2-of-memory-attributes-table.patch queue-4.14/ipv6-fix-tcp-socket-connection-with-dscp.patch queue-4.14/firewire-fix-memory-leak-for-payload-of-request-subaction-to-iec-61883-1-fcp-region.patch queue-4.14/revert-squashfs-harden-sanity-check-in-squashfs_read_xattr_id_table.patch queue-4.14/serial-8250_dma-fix-dma-rx-completion-race.patch 
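Review bot: the added memset(dbgregs, 0, sizeof(*dbgregs)) is correctly placed before the memcpy into dbgregs->db, and sizeof(*dbgregs) dereferences the pointer so the whole struct kvm_debugregs (including any padding the compiler may insert) is zeroed rather than just the pointer's size; with that in place the removed dbgregs->flags = 0 and the memset of dbgregs->reserved are genuinely redundant. One documentation point: the commit message says uninitialized bytes can leak "on some configurations" without naming which field or configuration, yet every field visible here (db, dr6, dr7, flags, reserved) is assigned before and after the change, so a sentence identifying the affected bytes would help stable backporters judge which trees need this. Also worth noting for a follow-up, not for this fix: the return value of kvm_get_dr(vcpu, 6, &val) is still ignored in the unchanged context lines, so if that call can fail, val and hence dbgregs->dr6 would now be whatever the stack held rather than zero.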
queue-4.14/iio-adc-berlin2-adc-add-missing-of_node_put-in-error-path.patch queue-4.14/i40e-add-double-of-vlan-header-when-computing-the-max-mtu.patch queue-4.14/dccp-tcp-avoid-negative-sk_forward_alloc-by-ipv6_pinfo.pktoptions.patch queue-4.14/net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch queue-4.14/net-bgmac-fix-bcm5358-support-by-setting-correct-flags.patch queue-4.14/btrfs-limit-device-extents-to-the-device-size.patch queue-4.14/net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch queue-4.14/kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch queue-4.14/mm-hugetlb-proc-check-for-hugetlb-shared-pmd-in-proc-pid-smaps.patch queue-4.14/iio-hid-fix-the-retval-in-accel_3d_capture_sample.patch queue-4.14/alsa-emux-avoid-potential-array-out-of-bound-in-snd_emux_xg_control.patch queue-4.14/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch queue-4.14/parisc-wire-up-ptrace_getregs-ptrace_setregs-for-compat-case.patch queue-4.14/parisc-fix-return-code-of-pdc_iodc_print.patch queue-4.14/usb-gadget-f_fs-fix-unbalanced-spinlock-in-__ffs_ep0.patch queue-4.14/squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch