Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision 04478197416e3a302e9ebc917ba1aa884ef9bfab authored by Christian Borntraeger on 12 January 2017, 15:25:15 UTC, committed by Christian Borntraeger on 20 January 2017, 14:29:34 UTC 
KVM: s390: do not expose random data via facility bitmap
 
kvm_s390_get_machine() populates the facility bitmap by copying bytes
from the host results that are stored in a 256 byte array in the prefix
page. The KVM code does use the size of the target buffer (2k), thus
copying and exposing unrelated kernel memory (mostly machine check
related logout data).

Let's use the size of the source buffer instead.  This is ok, as the
target buffer will always be greater or equal than the source buffer as
the KVM internal buffers (and thus S390_ARCH_FAC_LIST_SIZE_BYTE) cover
the maximum possible size that is allowed by STFLE, which is 256
doublewords. All structures are zero allocated so we can leave bytes
256-2047 unchanged.

Add a similar fix for kvm_arch_init_vm().

Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
[found with smatch]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: stable@vger.kernel.org
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
1 parent a121103
History
Tip revision: 04478197416e3a302e9ebc917ba1aa884ef9bfab authored by Christian Borntraeger on 12 January 2017, 15:25:15 UTC
KVM: s390: do not expose random data via facility bitmap
Tip revision: 0447819
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitattributes -rw-r--r-- 30 bytes
.gitignore -rw-r--r-- 1.3 KB
.mailmap -rw-r--r-- 7.5 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 96.0 KB
Kbuild -rw-r--r-- 2.8 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 382.0 KB
Makefile -rw-r--r-- 57.6 KB
README -rw-r--r-- 722 bytes

README

back to top