This is a note to let you know that I've just added the patch titled

    kvm: initialize all of the kvm_debugregs structure before sending it to userspace

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 2c10b61421a28e95a46ab489fd56c0f442ff6952 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2023 11:33:04 +0100
Subject: kvm: initialize all of the kvm_debugregs structure before sending it to userspace

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

commit 2c10b61421a28e95a46ab489fd56c0f442ff6952 upstream.

When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there
might be some uninitialized portions of the kvm_debugregs structure that
could be copied to userspace. Prevent this as is done in the other kvm
ioctls, by setting the whole structure to 0 before copying anything into
it.

Bonus is that this reduces the lines of code as the explicit flag
setting and reserved space zeroing out can be removed.

Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <x86@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxx>
Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Message-Id: <20230214103304.3689213-1-gregkh@xxxxxxxxxxxxxxxxxxx>
Tested-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/x86.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3637,12 +3637,11 @@ static void kvm_vcpu_ioctl_x86_get_debug { unsigned long val; + memset(dbgregs, 0, sizeof(*dbgregs)); memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; - dbgregs->flags = 0; - memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); } static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-4.19/nilfs2-fix-underflow-in-second-superblock-position-calculations.patch queue-4.19/riscv-disable-generation-of-unwind-tables.patch queue-4.19/usb-core-add-quirk-for-alcor-link-ak9563-smartcard-reader.patch queue-4.19/migrate-hugetlb-check-for-hugetlb-shared-pmd-in-node-migration.patch queue-4.19/usb-dwc3-qcom-enable-vbus-override-when-in-otg-dr-mo.patch queue-4.19/fbcon-check-font-dimension-limits.patch queue-4.19/netfilter-nft_tproxy-restrict-to-prerouting-hook.patch queue-4.19/ipv6-fix-datagram-socket-connection-with-dscp.patch queue-4.19/revert-x86-fpu-use-_alignof-to-avoid-undefined-behavior-in-type_align.patch queue-4.19/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch queue-4.19/net-usb-kalmia-don-t-pass-act_len-in-usb_bulk_msg-error-path.patch queue-4.19/riscv-fixup-race-condition-on-pg_dcache_clean-in-flush_icache_pte.patch queue-4.19/watchdog-diag288_wdt-do-not-use-stack-buffers-for-hardware-data.patch queue-4.19/mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch queue-4.19/hugetlb-check-for-undefined-shift-on-32-bit-architectures.patch queue-4.19/serial-8250_dma-fix-dma-rx-rearm-race.patch queue-4.19/aio-fix-mremap-after-fork-null-deref.patch queue-4.19/mm-swapfile-add-cond_resched-in-get_swap_pages.patch queue-4.19/iio-adc-twl6030-enable-measurements-of-vusb-vbat-and-others.patch queue-4.19/bpf-always-return-target-ifindex-in-bpf_fib_lookup.patch queue-4.19/net-usb-fix-wrong-direction-warning-in-plusb.c.patch 
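Review bot: dropping `dbgregs->flags = 0;` and the `memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));` is only safe because the new `memset(dbgregs, 0, sizeof(*dbgregs));` is placed before the `memcpy` of `db` and the `dr6`/`dr7` stores, which this hunk gets right; a one-line comment above that memset saying it is what keeps kernel stack contents out of the KVM_GET_DEBUGREGS reply would stop a later reorder or refactor from moving a field store above it or treating the memset as redundant. Everything else in the hunk is a straight removal of now-covered zeroing, so nothing further to flag.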
queue-4.19/alsa-hda-conexant-add-a-new-hda-codec-sn6180.patch
queue-4.19/efi-accept-version-2-of-memory-attributes-table.patch
queue-4.19/ipv6-fix-tcp-socket-connection-with-dscp.patch
queue-4.19/firewire-fix-memory-leak-for-payload-of-request-subaction-to-iec-61883-1-fcp-region.patch
queue-4.19/revert-squashfs-harden-sanity-check-in-squashfs_read_xattr_id_table.patch
queue-4.19/arm64-dts-meson-gx-make-mmc-host-controller-interrupts-level-sensitive.patch
queue-4.19/alsa-hda-realtek-fixed-wrong-gpio-assigned.patch
queue-4.19/serial-8250_dma-fix-dma-rx-completion-race.patch
queue-4.19/thermal-intel-int340x-add-locking-to-int340x_thermal_get_trip_type.patch
queue-4.19/usb-typec-altmodes-displayport-fix-probe-pin-assign-check.patch
queue-4.19/iio-adc-berlin2-adc-add-missing-of_node_put-in-error-path.patch
queue-4.19/i40e-add-double-of-vlan-header-when-computing-the-max-mtu.patch
queue-4.19/dccp-tcp-avoid-negative-sk_forward_alloc-by-ipv6_pinfo.pktoptions.patch
queue-4.19/net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch
queue-4.19/net-bgmac-fix-bcm5358-support-by-setting-correct-flags.patch
queue-4.19/arm64-dts-meson-axg-make-mmc-host-controller-interrupts-level-sensitive.patch
queue-4.19/btrfs-limit-device-extents-to-the-device-size.patch
queue-4.19/net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch
queue-4.19/net-stmmac-fix-order-of-dwmac5-flexpps-parametrization-sequence.patch
queue-4.19/kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
queue-4.19/mm-hugetlb-proc-check-for-hugetlb-shared-pmd-in-proc-pid-smaps.patch
queue-4.19/iio-hid-fix-the-retval-in-accel_3d_capture_sample.patch
queue-4.19/alsa-emux-avoid-potential-array-out-of-bound-in-snd_emux_xg_control.patch
queue-4.19/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
queue-4.19/parisc-wire-up-ptrace_getregs-ptrace_setregs-for-compat-case.patch
queue-4.19/parisc-fix-return-code-of-pdc_iodc_print.patch
queue-4.19/usb-gadget-f_fs-fix-unbalanced-spinlock-in-__ffs_ep0.patch
queue-4.19/usb-dwc3-dwc3-qcom-fix-typo-in-the-dwc3-vbus-overrid.patch
queue-4.19/squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch
queue-4.19/bnxt_en-fix-mqprio-and-xdp-ring-checking-logic.patch
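To show the bug class the commit message describes (a reply structure filled field by field, so any field the code forgets carries whatever the caller's buffer already held to userspace) next to the memset-first fix, here is an added C example that is not part of the patch or of KVM: it poison-fills the output buffer before each fill routine and counts the poison bytes that survive, which is how a leak detector would catch this. The struct layout, the vcpu stand-in, the poison value and the sample register values are this example's assumptions; only the field names come from the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed stand-in for struct kvm_debugregs: field names are those in the
 * patch, the widths and the reserved[] length are this example's guess. */
struct dbgregs { uint64_t db[4], dr6, dr7, flags, reserved[9]; };

/* Constructed stand-in for the vcpu->arch fields the ioctl reads. */
struct vcpu_state { uint64_t db[4], dr6, dr7; };

/* Field-by-field fill that forgets reserved[]: those bytes keep whatever the
 * caller's buffer held before, which in the kernel is stack contents. */
static void fill_debugregs_leaky(struct dbgregs *out, const struct vcpu_state *v)
{
    memcpy(out->db, v->db, sizeof(v->db));
    out->dr6 = v->dr6;
    out->dr7 = v->dr7;
    out->flags = 0;
    /* reserved[] deliberately left alone: the constructed bug */
}

/* Shape of the patched function: zero the whole object before any field is
 * written, so no byte of the caller's buffer can survive into the reply. */
static void fill_debugregs_fixed(struct dbgregs *out, const struct vcpu_state *v)
{
    memset(out, 0, sizeof(*out));
    memcpy(out->db, v->db, sizeof(v->db));
    out->dr6 = v->dr6;
    out->dr7 = v->dr7;
}

#define POISON 0xA5 /* byte pattern that none of the sample values contains */

/* Poison the output buffer, run the fill, and count poison bytes that remain:
 * each one is a byte that would have reached userspace uninitialised. */
static size_t leaked_bytes(void (*fill)(struct dbgregs *, const struct vcpu_state *))
{
    const struct vcpu_state v = { {1, 2, 3, 4}, 0xffff0ff0ULL, 0x400ULL };
    union { struct dbgregs d; unsigned char raw[sizeof(struct dbgregs)]; } u;
    size_t n = 0;

    memset(u.raw, POISON, sizeof(u.raw));
    fill(&u.d, &v);
    for (size_t i = 0; i < sizeof(u.raw); i++)
        n += (u.raw[i] == POISON);
    return n; /* 72 for the leaky fill (9 * 8 bytes), 0 for the fixed one */
}
```

The same poison-and-count check works for any copy_to_user reply struct: if the count is not zero after the fill, some bytes are leaving the kernel uninitialised.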