This is a note to let you know that I've just added the patch titled

    kvm: initialize all of the kvm_debugregs structure before sending it to userspace

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 2c10b61421a28e95a46ab489fd56c0f442ff6952 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2023 11:33:04 +0100
Subject: kvm: initialize all of the kvm_debugregs structure before sending it to userspace

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

commit 2c10b61421a28e95a46ab489fd56c0f442ff6952 upstream.

When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there
might be some uninitialized portions of the kvm_debugregs structure that
could be copied to userspace.  Prevent this as is done in the other kvm
ioctls, by setting the whole structure to 0 before copying anything into
it.

Bonus is that this reduces the lines of code as the explicit flag setting
and reserved space zeroing out can be removed.

Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <x86@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxx>
Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Message-Id: <20230214103304.3689213-1-gregkh@xxxxxxxxxxxxxxxxxxx>
Tested-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/x86.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -4821,12 +4821,11 @@ static void kvm_vcpu_ioctl_x86_get_debug { unsigned long val; + memset(dbgregs, 0, sizeof(*dbgregs)); memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; - dbgregs->flags = 0; - memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); } static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-5.15/nvmem-core-add-error-handling-for-dev_set_name.patch queue-5.15/mm-filemap-fix-page-end-in-filemap_get_read_batch.patch queue-5.15/nilfs2-fix-underflow-in-second-superblock-position-calculations.patch queue-5.15/net-sched-tcindex-update-imperfect-hash-filters-respecting-rcu.patch queue-5.15/netfilter-nft_tproxy-restrict-to-prerouting-hook.patch queue-5.15/ipv6-fix-datagram-socket-connection-with-dscp.patch queue-5.15/nvmem-core-fix-registration-vs-use-race.patch queue-5.15/net-ethernet-ti-am65-cpsw-add-rx-dma-channel-teardown-quirk.patch queue-5.15/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch queue-5.15/selftest-lkdtm-skip-stack-entropy-test-if-lkdtm-is-not-available.patch queue-5.15/platform-x86-amd-pmc-export-idlemask-values-based-on-the-apu.patch queue-5.15/net-usb-kalmia-don-t-pass-act_len-in-usb_bulk_msg-error-path.patch queue-5.15/net-openvswitch-fix-possible-memory-leak-in-ovs_meter_cmd_set.patch queue-5.15/mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch queue-5.15/hugetlb-check-for-undefined-shift-on-32-bit-architectures.patch queue-5.15/revert-mm-always-release-pages-to-the-buddy-allocator-in-memblock_free_late.patch queue-5.15/sched-psi-fix-use-after-free-in-ep_remove_wait_queue.patch queue-5.15/aio-fix-mremap-after-fork-null-deref.patch queue-5.15/platform-x86-amd-pmc-fix-compilation-when-config_debugfs-is-disabled.patch queue-5.15/alsa-hda-conexant-add-a-new-hda-codec-sn6180.patch 
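Review bot: the commit message says parts of kvm_debugregs may be uninitialized "on some configurations" but never names the field or the configuration, and in this hunk every member visible (db, dr6, dr7, flags, reserved) was already being written before the change; the message should state what was actually left uninitialized, or point at the report, so the stable backport can be checked against that case rather than taken on faith. The change itself is sound: `memset(dbgregs, 0, sizeof(*dbgregs));` runs before the memcpy and the dr6/dr7 stores, so nothing is clobbered, and dropping `dbgregs->flags = 0;` together with the reserved-only memset matches the 1 insertion / 2 deletions in the diffstat.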
queue-5.15/mptcp-do-not-wait-for-bare-sockets-timeout.patch
queue-5.15/ipv6-fix-tcp-socket-connection-with-dscp.patch
queue-5.15/platform-x86-amd-pmc-disable-irq1-wakeup-for-rn-czn.patch
queue-5.15/revert-squashfs-harden-sanity-check-in-squashfs_read_xattr_id_table.patch
queue-5.15/ixgbe-add-double-of-vlan-header-when-computing-the-max-mtu.patch
queue-5.15/sctp-sctp_sock_filter-avoid-list_entry-on-possibly-empty-list.patch
queue-5.15/alsa-hda-realtek-fixed-wrong-gpio-assigned.patch
queue-5.15/net-fix-unwanted-sign-extension-in-netdev_stats_to_stats64.patch
queue-5.15/ixgbe-allow-to-increase-mtu-to-3k-with-xdp-enabled.patch
queue-5.15/mmc-jz4740-work-around-bug-on-jz4760-b.patch
queue-5.15/i40e-add-double-of-vlan-header-when-computing-the-max-mtu.patch
queue-5.15/dccp-tcp-avoid-negative-sk_forward_alloc-by-ipv6_pinfo.pktoptions.patch
queue-5.15/net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch
queue-5.15/net-bgmac-fix-bcm5358-support-by-setting-correct-flags.patch
queue-5.15/alarmtimer-prevent-starvation-by-small-intervals-and-sig_ign.patch
queue-5.15/platform-x86-amd-pmc-correct-usage-of-smu-version.patch
queue-5.15/net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch
queue-5.15/net-stmmac-fix-order-of-dwmac5-flexpps-parametrization-sequence.patch
queue-5.15/kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
queue-5.15/nvmem-core-fix-return-value.patch
queue-5.15/drm-amd-display-fail-atomic_check-early-on-normalize_zpos-error.patch
queue-5.15/bnxt_en-fix-mqprio-and-xdp-ring-checking-logic.patch
queue-5.15/of-reserved_mem-have-kmemleak-ignore-dynamically-allocated-reserved-mem.patch
queue-5.15/tcp-fix-listen-regression-in-5.15.88.patch
queue-5.15/nvmem-core-fix-cleanup-after-dev_set_name.patch
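The commit message above argues for zeroing the whole structure rather than its named fields before it is copied to userspace. The example below, added here and not part of the patch or of KVM, shows the general hazard that argument guards against with a constructed struct (`example_regs`, `vcpu_state`, `leaked_bytes` are all invented for this illustration and the layout is not the real `struct kvm_debugregs`): a field-by-field getter leaves compiler padding holding stale stack bytes, while a whole-object memset does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for this example (not the real struct kvm_debugregs): the
 * u32 before a u64 leaves a padding hole on common 64-bit ABIs that no field
 * assignment ever touches. */
struct example_regs {
	uint64_t db[4], dr6, dr7;
	uint32_t flags;
	uint64_t reserved[9];
};

/* Stand-in for the in-kernel vCPU state the getter copies out. */
struct vcpu_state { uint64_t db[4], dr6, dr7; };

/* "Before", like the removed lines: every named field is written, but only
 * named fields, so padding keeps whatever the stack held. */
void get_regs_fieldwise(const struct vcpu_state *v, struct example_regs *r)
{
	memcpy(r->db, v->db, sizeof(v->db));
	r->dr6 = v->dr6;
	r->dr7 = v->dr7;
	r->flags = 0;
	memset(&r->reserved, 0, sizeof(r->reserved));
}

/* "After": zero the whole object first, as the patch does. */
void get_regs_zeroed(const struct vcpu_state *v, struct example_regs *r)
{
	memset(r, 0, sizeof(*r));
	memcpy(r->db, v->db, sizeof(v->db));
	r->dr6 = v->dr6;
	r->dr7 = v->dr7;
}

/* Simulate a dirty kernel stack: fill the object with a sentinel, run the
 * getter, and count sentinel bytes that would reach userspace unchanged
 * (none of the sample register values below contain the 0xAA byte). */
size_t leaked_bytes(void (*getter)(const struct vcpu_state *, struct example_regs *))
{
	struct vcpu_state v = { .db = {1, 2, 3, 4}, .dr6 = 0xffff0ff0, .dr7 = 0x400 };
	union { struct example_regs r; unsigned char raw[sizeof(struct example_regs)]; } u;
	size_t i, n = 0;

	memset(u.raw, 0xAA, sizeof(u.raw));	/* stale stack contents */
	getter(&v, &u.r);
	for (i = 0; i < sizeof(u.raw); i++)
		n += (u.raw[i] == 0xAA);
	return n;
}
```

On an ABI that aligns `uint64_t` to 8 bytes the field-wise getter leaves exactly the 4 padding bytes untouched; the memset-first getter leaves none, which is the property the patch relies on for the real structure.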