Revision - 1d6a821 - arm/arm64: KVM: Feed initialized memory to MMIO accesses

Revision 1d6a821277aaa0cdd666278aaff93298df313d41 authored by Marc Zyngier on 15 February 2016, 17:04:04 UTC, committed by Marc Zyngier on 24 February 2016, 11:53:09 UTC

arm/arm64: KVM: Feed initialized memory to MMIO accesses

On an MMIO access, we always copy the on-stack buffer info
the shared "run" structure, even if this is a read access.
This ends up leaking up to 8 bytes of uninitialized memory
into userspace, depending on the size of the access.

An obvious fix for this one is to only perform the copy if
this is an actual write.

Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>

1 parent 236cf17

Files
Changes

Permalinks

File	Mode	Size
9p
adfs
affs
afs
autofs4
befs
bfs
btrfs
cachefiles
ceph
cifs
coda
configfs
cramfs
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
exofs
exportfs
ext2
ext4
f2fs
fat
freevxfs
fscache
fuse
gfs2
hfs
hfsplus
hostfs
hpfs
hugetlbfs
isofs
jbd2
jffs2
jfs
kernfs
lockd
logfs
minix
ncpfs
nfs
nfs_common
nfsd
nilfs2
nls
notify
ntfs
ocfs2
omfs
openpromfs
overlayfs
proc
pstore
qnx4
qnx6
quota
ramfs
reiserfs
romfs
squashfs
sysfs
sysv
tracefs
ubifs
udf
ufs
xfs
Kconfig	-rw-r--r--	6.9 KB
Kconfig.binfmt	-rw-r--r--	7.0 KB
Makefile	-rw-r--r--	4.1 KB
aio.c	-rw-r--r--	43.0 KB
anon_inodes.c	-rw-r--r--	4.9 KB
attr.c	-rw-r--r--	7.9 KB
bad_inode.c	-rw-r--r--	4.7 KB
binfmt_aout.c	-rw-r--r--	10.8 KB
binfmt_elf.c	-rw-r--r--	60.7 KB
binfmt_elf_fdpic.c	-rw-r--r--	47.8 KB
binfmt_em86.c	-rw-r--r--	2.8 KB
binfmt_flat.c	-rw-r--r--	26.4 KB
binfmt_misc.c	-rw-r--r--	17.4 KB
binfmt_script.c	-rw-r--r--	3.0 KB
block_dev.c	-rw-r--r--	48.7 KB
buffer.c	-rw-r--r--	88.8 KB
char_dev.c	-rw-r--r--	13.3 KB
compat.c	-rw-r--r--	37.1 KB
compat_binfmt_elf.c	-rw-r--r--	3.7 KB
compat_ioctl.c	-rw-r--r--	45.8 KB
coredump.c	-rw-r--r--	19.9 KB
dax.c	-rw-r--r--	31.3 KB
dcache.c	-rw-r--r--	89.4 KB
dcookies.c	-rw-r--r--	6.9 KB
direct-io.c	-rw-r--r--	38.3 KB
drop_caches.c	-rw-r--r--	1.6 KB
eventfd.c	-rw-r--r--	11.2 KB
eventpoll.c	-rw-r--r--	59.5 KB
exec.c	-rw-r--r--	40.7 KB
fcntl.c	-rw-r--r--	16.7 KB
fhandle.c	-rw-r--r--	6.5 KB
file.c	-rw-r--r--	23.5 KB
file_table.c	-rw-r--r--	8.5 KB
filesystems.c	-rw-r--r--	6.4 KB
fs-writeback.c	-rw-r--r--	67.4 KB
fs_pin.c	-rw-r--r--	2.0 KB
fs_struct.c	-rw-r--r--	3.3 KB
inode.c	-rw-r--r--	53.0 KB
internal.h	-rw-r--r--	3.8 KB
ioctl.c	-rw-r--r--	17.1 KB
libfs.c	-rw-r--r--	30.3 KB
locks.c	-rw-r--r--	71.5 KB
mbcache.c	-rw-r--r--	24.1 KB
mount.h	-rw-r--r--	3.5 KB
mpage.c	-rw-r--r--	20.3 KB
namei.c	-rw-r--r--	115.7 KB
namespace.c	-rw-r--r--	81.6 KB
no-block.c	-rw-r--r--	688 bytes
nsfs.c	-rw-r--r--	3.7 KB
open.c	-rw-r--r--	26.8 KB
pipe.c	-rw-r--r--	26.3 KB
pnode.c	-rw-r--r--	11.2 KB
pnode.h	-rw-r--r--	1.8 KB
posix_acl.c	-rw-r--r--	19.6 KB
proc_namespace.c	-rw-r--r--	7.7 KB
read_write.c	-rw-r--r--	36.4 KB
readdir.c	-rw-r--r--	6.9 KB
select.c	-rw-r--r--	25.3 KB
seq_file.c	-rw-r--r--	22.4 KB
signalfd.c	-rw-r--r--	9.2 KB
splice.c	-rw-r--r--	46.2 KB
stack.c	-rw-r--r--	2.5 KB
stat.c	-rw-r--r--	11.9 KB
statfs.c	-rw-r--r--	5.3 KB
super.c	-rw-r--r--	35.0 KB
sync.c	-rw-r--r--	9.9 KB
timerfd.c	-rw-r--r--	13.0 KB
userfaultfd.c	-rw-r--r--	34.9 KB
utimes.c	-rw-r--r--	5.9 KB
xattr.c	-rw-r--r--	23.2 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...