diff mbox

powerpc: kvm: fix information leak to userland

Message ID 1288429464-21763-1-git-send-email-segooon@gmail.com (mailing list archive)
State Superseded
Headers show

Commit Message

Kulikov Vasiliy Oct. 30, 2010, 9:04 a.m. UTC 
Structure kvm_ppc_pvinfo is copied to userland with flags and
pad fields unitialized.  It leads to leaking of contents of
kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
---
 I cannot compile this driver, so it is not tested at all.

 arch/powerpc/kvm/powerpc.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Comments

Marcelo Tosatti Nov. 1, 2010, 5:19 p.m. UTC | #1 
On Sat, Oct 30, 2010 at 01:04:24PM +0400, Vasiliy Kulikov wrote:
> Structure kvm_ppc_pvinfo is copied to userland with flags and
> pad fields unitialized.  It leads to leaking of contents of
> kernel stack memory.
> 
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
> ---
>  I cannot compile this driver, so it is not tested at all.
> 
>  arch/powerpc/kvm/powerpc.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)

Applied, thanks.
diff mbox

Patch

diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index 2f87a16..38f756f 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -617,6 +617,7 @@  long kvm_arch_vm_ioctl(struct file *filp,
 	switch (ioctl) {
 	case KVM_PPC_GET_PVINFO: {
 		struct kvm_ppc_pvinfo pvinfo;
+		memset(&pvinfo, 0, sizeof(pvinfo));
 		r = kvm_vm_ioctl_get_pvinfo(&pvinfo);
 		if (copy_to_user(argp, &pvinfo, sizeof(pvinfo))) {
 			r = -EFAULT;