This is a note to let you know that I've just added the patch titled

    kvm: initialize all of the kvm_debugregs structure before sending it to userspace

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 2c10b61421a28e95a46ab489fd56c0f442ff6952 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2023 11:33:04 +0100
Subject: kvm: initialize all of the kvm_debugregs structure before sending it to userspace

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

commit 2c10b61421a28e95a46ab489fd56c0f442ff6952 upstream.

When calling the KVM_GET_DEBUGREGS ioctl, on some configurations, there
might be some uninitialized portions of the kvm_debugregs structure that
could be copied to userspace.  Prevent this as is done in the other kvm
ioctls, by setting the whole structure to 0 before copying anything into
it.

Bonus is that this reduces the lines of code as the explicit flag
setting and reserved space zeroing out can be removed.

Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <x86@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxx>
Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Message-Id: <20230214103304.3689213-1-gregkh@xxxxxxxxxxxxxxxxxxx>
Tested-by: Xingyuan Mo <hdthky0@xxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/x86.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5250,12 +5250,11 @@ static void kvm_vcpu_ioctl_x86_get_debug { unsigned long val; + memset(dbgregs, 0, sizeof(*dbgregs)); memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; - dbgregs->flags = 0; - memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); } static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are queue-6.1/mm-filemap-fix-page-end-in-filemap_get_read_batch.patch queue-6.1/nilfs2-fix-underflow-in-second-superblock-position-calculations.patch queue-6.1/net-sched-tcindex-update-imperfect-hash-filters-respecting-rcu.patch queue-6.1/mm-gup-add-folio-to-list-when-folio_isolate_lru-succeed.patch queue-6.1/ipv6-fix-datagram-socket-connection-with-dscp.patch queue-6.1/tracing-make-trace_define_field_ext-static.patch queue-6.1/net-ethernet-ti-am65-cpsw-add-rx-dma-channel-teardown-quirk.patch queue-6.1/mm-shrinkers-fix-deadlock-in-shrinker-debugfs.patch queue-6.1/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch queue-6.1/net-usb-kalmia-don-t-pass-act_len-in-usb_bulk_msg-error-path.patch queue-6.1/net-openvswitch-fix-possible-memory-leak-in-ovs_meter_cmd_set.patch queue-6.1/drm-disable-dynamic-debug-as-broken.patch queue-6.1/drm-amd-amdgpu-fix-warning-during-suspend.patch queue-6.1/mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch queue-6.1/hugetlb-check-for-undefined-shift-on-32-bit-architectures.patch queue-6.1/ata-libata-core-disable-read-log-dma-ext-for-samsung-mz7lh.patch queue-6.1/revert-mm-always-release-pages-to-the-buddy-allocator-in-memblock_free_late.patch queue-6.1/igb-fix-pps-input-and-output-using-3rd-and-4th-sdp.patch queue-6.1/sched-psi-fix-use-after-free-in-ep_remove_wait_queue.patch queue-6.1/drm-vmwgfx-stop-accessing-buffer-objects-which-failed-init.patch queue-6.1/mmc-meson-gx-fix-sdio-mode-if-cap_sdio_irq-isn-t-set.patch 
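Review bot: the new memset() at the top of kvm_vcpu_ioctl_x86_get_debugregs() zeroes the output struct but not the local `unsigned long val;`, which is still declared uninitialized and whose value is copied into `dbgregs->dr6` without the return value of `kvm_get_dr(vcpu, 6, &val)` being checked. If kvm_get_dr() can ever return without storing to `val`, dr6 would still carry stale stack contents to userspace despite this fix; either initialize it (`unsigned long val = 0;`) or check the return value so the hunk's stated goal, no uninitialized bytes reaching userspace, holds for that field too. Removing the explicit `flags = 0` and the `reserved` memset is correct since the whole-struct memset now covers both.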
queue-6.1/ice-fix-lost-multicast-packets-in-promisc-mode.patch queue-6.1/aio-fix-mremap-after-fork-null-deref.patch queue-6.1/net-sched-act_ctinfo-use-percpu-stats.patch queue-6.1/perf-x86-refuse-to-export-capabilities-for-hybrid-pmus.patch queue-6.1/net-use-a-bounce-buffer-for-copying-skb-mark.patch queue-6.1/gpio-sim-fix-a-memory-leak.patch queue-6.1/freezer-umh-fix-call_usermode_helper_exec-vs-sigkill.patch queue-6.1/alsa-hda-conexant-add-a-new-hda-codec-sn6180.patch queue-6.1/kvm-x86-pmu-disable-vpmu-support-on-hybrid-cpus-host-pmus.patch queue-6.1/drm-vc4-crtc-increase-setup-cost-in-core-clock-calculation-to-handle-extreme-reduced-blanking.patch queue-6.1/ipv6-fix-tcp-socket-connection-with-dscp.patch queue-6.1/drm-i915-gen11-wa_1408615072-wa_1407596294-should-be-on-gt-list.patch queue-6.1/alsa-hda-realtek-enable-mute-micmute-leds-and-speaker-support-for-hp-laptops.patch queue-6.1/revert-squashfs-harden-sanity-check-in-squashfs_read_xattr_id_table.patch queue-6.1/ixgbe-add-double-of-vlan-header-when-computing-the-max-mtu.patch queue-6.1/mm-extend-max-struct-page-size-for-kmsan.patch queue-6.1/sctp-sctp_sock_filter-avoid-list_entry-on-possibly-empty-list.patch queue-6.1/tipc-fix-kernel-warning-when-sending-syn-message.patch queue-6.1/alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-a-hp-platform.patch queue-6.1/alsa-hda-realtek-fixed-wrong-gpio-assigned.patch queue-6.1/coredump-move-dump_emit_page-to-kill-unused-warning.patch queue-6.1/net-fix-unwanted-sign-extension-in-netdev_stats_to_stats64.patch queue-6.1/drm-vc4-fix-yuv-plane-handling-when-planes-are-in-different-buffers.patch queue-6.1/ixgbe-allow-to-increase-mtu-to-3k-with-xdp-enabled.patch queue-6.1/kasan-fix-oops-due-to-missing-calls-to-kasan_arch_is_ready.patch queue-6.1/mm-migrate-fix-wrongly-apply-write-bit-after-mkdirty-on-sparc64.patch queue-6.1/fbdev-fix-invalid-page-access-after-closing-deferred-i-o-devices.patch queue-6.1/mmc-jz4740-work-around-bug-on-jz4760-b.patch 
queue-6.1/i40e-add-double-of-vlan-header-when-computing-the-max-mtu.patch queue-6.1/mm-madv_collapse-set-eagain-on-unexpected-page-refcount.patch queue-6.1/drm-vmwgfx-do-not-drop-the-reference-to-the-handle-too-soon.patch queue-6.1/dccp-tcp-avoid-negative-sk_forward_alloc-by-ipv6_pinfo.pktoptions.patch queue-6.1/ice-xsk-fix-cleaning-of-xdp_tx-frames.patch queue-6.1/net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch queue-6.1/net-bgmac-fix-bcm5358-support-by-setting-correct-flags.patch queue-6.1/alarmtimer-prevent-starvation-by-small-intervals-and-sig_ign.patch queue-6.1/ata-ahci-add-tiger-lake-up-3-4-ahci-controller.patch queue-6.1/igb-conditionalize-i2c-bit-banging-on-external-thermal-sensor-support.patch queue-6.1/net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch queue-6.1/net-stmmac-fix-order-of-dwmac5-flexpps-parametrization-sequence.patch queue-6.1/kvm-initialize-all-of-the-kvm_debugregs-structure-before-sending-it-to-userspace.patch queue-6.1/vmxnet3-move-rss-code-block-under-eop-descriptor.patch queue-6.1/drm-amd-display-fail-atomic_check-early-on-normalize_zpos-error.patch queue-6.1/alsa-hda-fix-codec-device-field-initializan.patch queue-6.1/nvme-pci-refresh-visible-attrs-for-cmb-attributes.patch queue-6.1/bnxt_en-fix-mqprio-and-xdp-ring-checking-logic.patch queue-6.1/of-reserved_mem-have-kmemleak-ignore-dynamically-allocated-reserved-mem.patch
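The commit message describes the general hazard behind this patch: filling an ioctl output struct field by field leaves any byte no field covers (padding holes, reserved space someone forgets to clear) holding whatever was on the stack, and copy_to_user() then carries it out. The userspace C program below is an added illustration, not code from the kernel or from this patch. It uses a hypothetical `struct demo_debugregs` whose layout is chosen to contain a padding hole (it is not the real kvm_debugregs layout), poisons the storage the way a stale stack slot would be, runs a pre-patch-style field-by-field fill next to a post-patch-style memset-first fill, and counts the poison bytes that survive each. The same poison-then-scan check is a cheap way to audit any kernel-to-user copy routine in a unit test.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl output struct (not the real kvm_debugregs layout).
 * The 32-bit 'flags' is followed by an 8-byte-aligned array, which
 * leaves a 4-byte hole that no field assignment ever writes.
 * _Alignas(8) forces the hole on every ABI so the effect is visible. */
struct demo_debugregs {
	uint64_t db[4];
	uint64_t dr6;
	uint64_t dr7;
	uint32_t flags;
	_Alignas(8) uint64_t reserved[9];
};

/* Stand-in for the per-vcpu state the kernel copies from (hypothetical). */
struct demo_vcpu {
	uint64_t db[4];
	uint64_t dr6;
	uint64_t dr7;
};

#define POISON 0xAA	/* marker standing in for stale stack contents */

/* Pre-patch style: set every named field and zero 'reserved', but never
 * touch the padding bytes between 'flags' and 'reserved'. */
static void fill_fieldwise(const struct demo_vcpu *v, struct demo_debugregs *r)
{
	memcpy(r->db, v->db, sizeof(v->db));
	r->dr6 = v->dr6;
	r->dr7 = v->dr7;
	r->flags = 0;
	memset(r->reserved, 0, sizeof(r->reserved));
}

/* Post-patch style: clear the whole object first, then fill the fields. */
static void fill_memset_first(const struct demo_vcpu *v, struct demo_debugregs *r)
{
	memset(r, 0, sizeof(*r));
	memcpy(r->db, v->db, sizeof(v->db));
	r->dr6 = v->dr6;
	r->dr7 = v->dr7;
}

/* Poison the object as if it were a reused stack slot, run the fill
 * routine, then count bytes that still carry the poison. Every such
 * byte is one that copy_to_user() would hand to userspace. The sample
 * register values are constructed so none of their bytes equal POISON. */
static size_t leaked_bytes(void (*fill)(const struct demo_vcpu *,
					struct demo_debugregs *))
{
	struct demo_vcpu v = { .db = { 1, 2, 3, 4 }, .dr6 = 0xffff0ff0, .dr7 = 0x400 };
	struct demo_debugregs r;
	const unsigned char *p = (const unsigned char *)&r;
	size_t i, n = 0;

	memset(&r, POISON, sizeof(r));
	fill(&v, &r);
	for (i = 0; i < sizeof(r); i++)
		if (p[i] == POISON)
			n++;
	return n;
}

/* Size of the hole between 'flags' and 'reserved': the bytes that only a
 * whole-struct memset() reaches. */
size_t padding_bytes(void)
{
	return offsetof(struct demo_debugregs, reserved)
	       - (offsetof(struct demo_debugregs, flags) + sizeof(uint32_t));
}

size_t leaked_fieldwise(void)    { return leaked_bytes(fill_fieldwise); }
size_t leaked_memset_first(void) { return leaked_bytes(fill_memset_first); }

int main(void)
{
	printf("padding hole:       %zu bytes\n", padding_bytes());
	printf("field-by-field fill: %zu poison bytes survive\n", leaked_fieldwise());
	printf("memset-first fill:   %zu poison bytes survive\n", leaked_memset_first());
	return 0;
}
```

The field-by-field variant reports exactly the size of the padding hole, while the memset-first variant reports zero, which is the property the patch relies on: a single memset() at the top of the routine covers padding, reserved space and any field later added to the struct, whereas per-field clearing has to be kept in sync by hand.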