[PATCH 4.4 25/25] KVM: x86: Fix misplaced backport of "work around leak of uninitialized stack contents"

From: Greg Kroah-Hartman
Date: Tue Feb 01 2022 - 13:18:22 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 03/25] s390/hypfs: include z/VM guests with access control group set"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 24/25] Revert "tc358743: fix register i2c_rd/wr function fix""
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 24/25] Revert "tc358743: fix register i2c_rd/wr function fix""
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 03/25] s390/hypfs: include z/VM guests with access control group set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Guillaume Bertholon <guillaume.bertholon@xxxxxx>

The upstream commit 541ab2aeb282 ("KVM: x86: work around leak of
uninitialized stack contents") resets `exception` in the function
`kvm_write_guest_virt_system`.
However, its backported version in stable (commit ba7f1c934f2e
("KVM: x86: work around leak of uninitialized stack contents")) applied
the change in `emulator_write_std` instead.

This patch moves the memset instruction back to
`kvm_write_guest_virt_system`.

Fixes: ba7f1c934f2e ("KVM: x86: work around leak of uninitialized stack contents")
Signed-off-by: Guillaume Bertholon <guillaume.bertholon@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kvm/x86.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4417,13 +4417,6 @@ static int emulator_write_std(struct x86
if (!system && kvm_x86_ops->get_cpl(vcpu) == 3)
access |= PFERR_USER_MASK;

- /*
- * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
- * is returned, but our callers are not ready for that and they blindly
- * call kvm_inject_page_fault. Ensure that they at least do not leak
- * uninitialized kernel stack memory into cr2 and error code.
- */
- memset(exception, 0, sizeof(*exception));
return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
access, exception);
}
@@ -4431,6 +4424,13 @@ static int emulator_write_std(struct x86
int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,
unsigned int bytes, struct x86_exception *exception)
{
+ /*
+ * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
+ * is returned, but our callers are not ready for that and they blindly
+ * call kvm_inject_page_fault. Ensure that they at least do not leak
+ * uninitialized kernel stack memory into cr2 and error code.
+ */
+ memset(exception, 0, sizeof(*exception));
return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
PFERR_WRITE_MASK, exception);
}

Next message: Greg Kroah-Hartman: "[PATCH 4.4 03/25] s390/hypfs: include z/VM guests with access control group set"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 24/25] Revert "tc358743: fix register i2c_rd/wr function fix""
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 24/25] Revert "tc358743: fix register i2c_rd/wr function fix""
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 03/25] s390/hypfs: include z/VM guests with access control group set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]