This is a note to let you know that I've just added the patch titled

    kvm: initialize all of the kvm_debugregs structure before sending it to userspace

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 2c10b61421a28e95a46ab489fd56c0f442ff6952 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2023 11:33:04 +0100
Subject: kvm: initialize all of the kvm_debugregs structure before sending it to userspace

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

commit 2c10b61421a28e95a46ab489fd56c0f442ff6952 upstream.

When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there
might be some uninitialized portions of the kvm_debugregs structure that
could be copied to userspace.  Prevent this as is done in the other kvm
ioctls, by setting the whole structure to 0 before copying anything into
it.

Bonus is that this reduces the lines of code as the explicit flag
setting and reserved space zeroing out can be removed.

Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <x86@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxx>
Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Message-Id: <20230214103304.3689213-1-gregkh@xxxxxxxxxxxxxxxxxxx>
Tested-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/x86.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3948,12 +3948,11 @@ static void kvm_vcpu_ioctl_x86_get_debug { unsigned long val; + memset(dbgregs, 0, sizeof(*dbgregs)); memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; - dbgregs->flags = 0; - memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); } static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-5.4/nilfs2-fix-underflow-in-second-superblock-position-calculations.patch queue-5.4/riscv-disable-generation-of-unwind-tables.patch queue-5.4/usb-core-add-quirk-for-alcor-link-ak9563-smartcard-reader.patch queue-5.4/migrate-hugetlb-check-for-hugetlb-shared-pmd-in-node-migration.patch queue-5.4/xfs-remove-the-xfs_efd_log_item_t-typedef.patch queue-5.4/usb-dwc3-qcom-enable-vbus-override-when-in-otg-dr-mo.patch queue-5.4/fbcon-check-font-dimension-limits.patch queue-5.4/netfilter-nft_tproxy-restrict-to-prerouting-hook.patch queue-5.4/ipv6-fix-datagram-socket-connection-with-dscp.patch queue-5.4/xfs-change-the-order-in-which-child-and-parent-defer-ops-are-finished.patch queue-5.4/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch queue-5.4/xfs-refactor-xfs_defer_finish_noroll.patch queue-5.4/xfs-sync-lazy-sb-accounting-on-quiesce-of-read-only-mounts.patch queue-5.4/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch queue-5.4/can-j1939-do-not-wait-250-ms-if-the-same-addr-was-already-claimed.patch queue-5.4/net-usb-kalmia-don-t-pass-act_len-in-usb_bulk_msg-error-path.patch queue-5.4/ceph-flush-cap-releases-when-the-session-is-flushed.patch queue-5.4/riscv-fixup-race-condition-on-pg_dcache_clean-in-flush_icache_pte.patch queue-5.4/xfs-clean-up-xfs_bui_item_recover-iget-trans_alloc-ilock-ordering.patch queue-5.4/watchdog-diag288_wdt-do-not-use-stack-buffers-for-hardware-data.patch queue-5.4/xfs-xfs_defer_capture-should-absorb-remaining-block-reservations.patch 
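Review bot: the changelog's "on some configurations" should name which bytes of kvm_debugregs were actually reaching userspace uninitialized, because the lines this hunk removes already set dbgregs->flags = 0 and memset dbgregs->reserved, and db, dr6 and dr7 are assigned explicitly just above them; as written the hunk reads as defence in depth rather than a fix for a gap a reader can see. Stating the leaking field (or that the concern is padding/layout rather than a named field) in the commit message would make the stable backport justification checkable. The placement itself is right: memset(dbgregs, 0, sizeof(*dbgregs)) as the first statement, before the memcpy of db and the kvm_get_dr() write, also covers any field added to the structure later without requiring the getter to be touched again.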
queue-5.4/tracing-fix-poll-and-select-do-not-work-on-per_cpu-trace_pipe-and-trace_pipe_raw.patch
queue-5.4/btrfs-free-device-in-btrfs_close_devices-for-a-single-device-filesystem.patch
queue-5.4/mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch
queue-5.4/hugetlb-check-for-undefined-shift-on-32-bit-architectures.patch
queue-5.4/xfs-factor-out-a-xfs_defer_create_intent-helper.patch
queue-5.4/revert-mm-always-release-pages-to-the-buddy-allocator-in-memblock_free_late.patch
queue-5.4/xfs-turn-dfp_intent-into-a-xfs_log_item.patch
queue-5.4/serial-8250_dma-fix-dma-rx-rearm-race.patch
queue-5.4/sched-psi-fix-use-after-free-in-ep_remove_wait_queue.patch
queue-5.4/btrfs-zlib-zero-initialize-zlib-workspace.patch
queue-5.4/aio-fix-mremap-after-fork-null-deref.patch
queue-5.4/mm-swapfile-add-cond_resched-in-get_swap_pages.patch
queue-5.4/xfs-fix-finobt-btree-block-recovery-ordering.patch
queue-5.4/iio-adc-twl6030-enable-measurements-of-vusb-vbat-and-others.patch
queue-5.4/bpf-always-return-target-ifindex-in-bpf_fib_lookup.patch
queue-5.4/net-usb-fix-wrong-direction-warning-in-plusb.c.patch
queue-5.4/xfs-xfs_defer_capture-should-absorb-remaining-transaction-reservation.patch
queue-5.4/alsa-hda-conexant-add-a-new-hda-codec-sn6180.patch
queue-5.4/efi-accept-version-2-of-memory-attributes-table.patch
queue-5.4/ipv6-fix-tcp-socket-connection-with-dscp.patch
queue-5.4/mm-swap-properly-update-readahead-statistics-in-unuse_pte_range.patch
queue-5.4/firewire-fix-memory-leak-for-payload-of-request-subaction-to-iec-61883-1-fcp-region.patch
queue-5.4/revert-squashfs-harden-sanity-check-in-squashfs_read_xattr_id_table.patch
queue-5.4/ixgbe-add-double-of-vlan-header-when-computing-the-max-mtu.patch
queue-5.4/ipv4-fix-incorrect-route-flushing-when-source-address-is-deleted.patch
queue-5.4/sctp-sctp_sock_filter-avoid-list_entry-on-possibly-empty-list.patch
queue-5.4/arm64-dts-meson-gx-make-mmc-host-controller-interrupts-level-sensitive.patch
queue-5.4/alsa-hda-realtek-fixed-wrong-gpio-assigned.patch
queue-5.4/xfs-merge-the-diff_items-defer-op-into-create_intent.patch
queue-5.4/xfs-prevent-uaf-in-xfs_log_item_in_current_chkpt.patch
queue-5.4/serial-8250_dma-fix-dma-rx-completion-race.patch
queue-5.4/net-fix-unwanted-sign-extension-in-netdev_stats_to_stats64.patch
queue-5.4/usb-typec-altmodes-displayport-fix-probe-pin-assign-check.patch
queue-5.4/ixgbe-allow-to-increase-mtu-to-3k-with-xdp-enabled.patch
queue-5.4/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_probe.patch
queue-5.4/xfs-fix-missing-cow-blocks-writeback-conversion-retry.patch
queue-5.4/nvme-pci-move-enumeration-by-class-to-be-last-in-the-table.patch
queue-5.4/powerpc-imc-pmu-revert-nest_init_lock-to-being-a-mutex.patch
queue-5.4/iio-adc-berlin2-adc-add-missing-of_node_put-in-error-path.patch
queue-5.4/xfs-remove-the-xfs_efi_log_item_t-typedef.patch
queue-5.4/i40e-add-double-of-vlan-header-when-computing-the-max-mtu.patch
queue-5.4/xfs-only-relog-deferred-intent-items-if-free-space-in-the-log-gets-low.patch
queue-5.4/xfs-proper-replay-of-deferred-ops-queued-during-log-recovery.patch
queue-5.4/xprtrdma-fix-regbuf-data-not-freed-in-rpcrdma_req_create.patch
queue-5.4/xfs-clean-up-bmap-intent-item-recovery-checking.patch
queue-5.4/dccp-tcp-avoid-negative-sk_forward_alloc-by-ipv6_pinfo.pktoptions.patch
queue-5.4/net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch
queue-5.4/net-bgmac-fix-bcm5358-support-by-setting-correct-flags.patch
queue-5.4/arm64-dts-meson-axg-make-mmc-host-controller-interrupts-level-sensitive.patch
queue-5.4/btrfs-limit-device-extents-to-the-device-size.patch
queue-5.4/xfs-fix-the-forward-progress-assertion-in-xfs_iwalk_run_callbacks.patch
queue-5.4/nvmem-core-fix-cell-removal-on-error.patch
queue-5.4/net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch
queue-5.4/net-stmmac-fix-order-of-dwmac5-flexpps-parametrization-sequence.patch
queue-5.4/xfs-log-new-intent-items-created-as-part-of-finishing-recovered-intent-items.patch
queue-5.4/xfs-ensure-inobt-record-walks-always-make-forward-progress.patch
queue-5.4/kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
queue-5.4/mm-hugetlb-proc-check-for-hugetlb-shared-pmd-in-proc-pid-smaps.patch
queue-5.4/iio-hid-fix-the-retval-in-accel_3d_capture_sample.patch
queue-5.4/xfs-remove-the-xfs_inode_log_item_t-typedef.patch
queue-5.4/alsa-emux-avoid-potential-array-out-of-bound-in-snd_emux_xg_control.patch
queue-5.4/xfs-fix-an-incore-inode-uaf-in-xfs_bui_recover.patch
queue-5.4/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
queue-5.4/parisc-wire-up-ptrace_getregs-ptrace_setregs-for-compat-case.patch
queue-5.4/fpga-stratix10-soc-fix-return-value-check-in-s10_ops_write_init.patch
queue-5.4/parisc-fix-return-code-of-pdc_iodc_print.patch
queue-5.4/f2fs-fix-to-do-sanity-check-on-i_extra_isize-in-is_alive.patch
queue-5.4/xfs-expose-the-log-push-threshold.patch
queue-5.4/usb-gadget-f_fs-fix-unbalanced-spinlock-in-__ffs_ep0.patch
queue-5.4/usb-dwc3-dwc3-qcom-fix-typo-in-the-dwc3-vbus-overrid.patch
queue-5.4/squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch
queue-5.4/xfs-periodically-relog-deferred-intent-items.patch
queue-5.4/revert-ipv4-fix-incorrect-route-flushing-when-source-address-is-deleted.patch
queue-5.4/bnxt_en-fix-mqprio-and-xdp-ring-checking-logic.patch
queue-5.4/wifi-brcmfmac-check-the-count-value-of-channel-spec-to-prevent-out-of-bounds-reads.patch
queue-5.4/arm64-dts-meson-g12-common-make-mmc-host-controller-interrupts-level-sensitive.patch
queue-5.4/xfs-merge-the-log_item-defer-op-into-create_intent.patch
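The bug class the commit message above describes (an ioctl handler that fills an output structure field by field and then copies the whole object to userspace), shown as an added example in plain userspace C. This is not kernel code and not part of the original mail: struct regs_out, struct vcpu_state and the two filler functions are constructed for the illustration, the structure layout is deliberately built to contain alignment padding and is not the real struct kvm_debugregs, a 0xAA byte pattern stands in for whatever the kernel stack held before the handler ran, and a plain memcpy stands in for copy_to_user().

```c
/*
 * Added example (not kernel code): why the ioctl getter should zero the
 * whole output object before filling it. The structure below is a
 * constructed stand-in whose layout contains padding; it is not the
 * real struct kvm_debugregs from the UAPI headers.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical ioctl output structure; the ABI inserts padding after 'flags'. */
struct regs_out {
    uint64_t db[4];
    uint64_t dr6;
    uint64_t dr7;
    uint8_t  flags;        /* padding bytes follow this field */
    uint64_t reserved[2];
};

/* Hypothetical in-kernel vCPU state the handler reads from. */
struct vcpu_state {
    uint64_t db[4];
    uint64_t dr6;
    uint64_t dr7;
};

/* Byte pattern standing in for stale kernel stack contents. */
#define STALE 0xAA

/* Old style: every named field is assigned, the padding bytes are not. */
static void get_debugregs_fields_only(struct regs_out *out, const struct vcpu_state *v)
{
    memcpy(out->db, v->db, sizeof(v->db));
    out->dr6 = v->dr6;
    out->dr7 = v->dr7;
    out->flags = 0;
    memset(out->reserved, 0, sizeof(out->reserved));
}

/* Fixed style, as in the patch: clear the whole object first, then fill it. */
static void get_debugregs_zeroed(struct regs_out *out, const struct vcpu_state *v)
{
    memset(out, 0, sizeof(*out));
    memcpy(out->db, v->db, sizeof(v->db));
    out->dr6 = v->dr6;
    out->dr7 = v->dr7;
}

/* Number of padding bytes the compiler inserted into struct regs_out. */
size_t regs_out_padding_bytes(void)
{
    return sizeof(struct regs_out)
           - (sizeof(uint64_t) * 4 + sizeof(uint64_t) * 2 + sizeof(uint8_t)
              + sizeof(uint64_t) * 2);
}

/*
 * Simulate a stack slot that previously held STALE bytes, run the given
 * filler on it, copy the result out as copy_to_user() would, and count how
 * many STALE bytes reached the "user" buffer. The sample register values
 * (constructed) never contain the byte 0xAA, so every 0xAA in the copy is
 * leaked stack content rather than data.
 */
static size_t stale_bytes_after(void (*fill)(struct regs_out *, const struct vcpu_state *))
{
    union {
        struct regs_out regs;
        unsigned char raw[sizeof(struct regs_out)];
    } slot;
    unsigned char user_copy[sizeof(struct regs_out)];
    const struct vcpu_state v = {
        .db  = { 0x1, 0x2, 0x3, 0x4 },
        .dr6 = 0xFFFF0FF0ULL,   /* architectural DR6 reset value */
        .dr7 = 0x400ULL,        /* architectural DR7 reset value */
    };
    size_t i, stale = 0;

    memset(slot.raw, STALE, sizeof(slot.raw));
    fill(&slot.regs, &v);
    memcpy(user_copy, slot.raw, sizeof(user_copy));   /* stands in for copy_to_user() */

    for (i = 0; i < sizeof(user_copy); i++)
        if (user_copy[i] == STALE)
            stale++;
    return stale;
}

size_t leaked_bytes_fields_only(void) { return stale_bytes_after(get_debugregs_fields_only); }
size_t leaked_bytes_zeroed(void)      { return stale_bytes_after(get_debugregs_zeroed); }

int main(void)
{
    printf("padding bytes in struct regs_out:     %zu\n", regs_out_padding_bytes());
    printf("stale bytes leaked, field by field:   %zu\n", leaked_bytes_fields_only());
    printf("stale bytes leaked, memset first:     %zu\n", leaked_bytes_zeroed());
    return 0;
}
```

The field-by-field version leaks exactly the padding bytes, which no assignment ever touches; the memset-first version leaks nothing, and it also stays correct if a field is later added to the structure and the getter is not updated. The same reasoning is why a reviewer of the real patch would ask the changelog to name the bytes that were found uninitialized.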