git.baikalelectronics.ru Git - kernel.git/commit
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
author: Liran Alon <liran.alon@oracle.com>
        Wed, 7 Nov 2018 22:43:06 +0000 (00:43 +0200)
committer: Paolo Bonzini <pbonzini@redhat.com>
        Tue, 27 Nov 2018 11:49:57 +0000 (12:49 +0100)
commit: 9bedddafbba727e1d2c3b02888b0468cf93360e8
tree: 37f93e550fe07cf619662e165db685793e9ae347
parent: aa3783c0ae5b69e766a4c39cc67247edc4c9ac0f
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall

kvm_pv_clock_pairing() allocates local var
"struct kvm_clock_pairing clock_pairing" on the stack and initializes
all its fields besides padding (clock_pairing.pad[]).

Because the clock_pairing var is written completely (including padding)
to guest memory, failure to init struct padding results in a kernel
info-leak.

Fix the issue by making sure to also init the padding with zeroes.

Fixes: 8128ea10ca2a ("KVM: x86: add KVM_HC_CLOCK_PAIRING hypercall")
Reported-by: syzbot+a8ef68d71211ba264f56@syzkaller.appspotmail.com
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/x86.c
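The stack-padding leak the commit message describes, reproduced in user space as an added example (not code from this commit or the kernel tree): the struct layout is assumed to mirror the UAPI `struct kvm_clock_pairing`, a 0xAA-filled union stands in for a stale stack slot, and `memcpy()` stands in for the copy to guest memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed to mirror the guest-visible UAPI layout: 64 bytes, 36 of them
 * explicit padding that the guest receives verbatim. */
struct kvm_clock_pairing {
    int64_t  sec;
    int64_t  nsec;
    uint64_t tsc;
    uint32_t flags;
    uint32_t pad[9];
};

/* Pre-fix pattern: every named field is set, pad[] is never touched. */
static void fill_unfixed(struct kvm_clock_pairing *cp)
{
    cp->sec   = 1541630586;        /* constructed sample values */
    cp->nsec  = 123456789;
    cp->tsc   = 0x123456789abcULL;
    cp->flags = 0;
}

/* Fixed pattern: padding is zeroed explicitly before the copy-out. */
static void fill_fixed(struct kvm_clock_pairing *cp)
{
    fill_unfixed(cp);
    memset(cp->pad, 0, sizeof(cp->pad));
}

/* Simulates the hypercall path: the struct lives in a stack slot still
 * holding stale bytes (0xAA) from earlier work, gets filled, then is copied
 * whole to guest memory. Returns how many padding bytes reached the guest
 * non-zero, i.e. the size of the leak. */
size_t leaked_pad_bytes(int fixed)
{
    union { struct kvm_clock_pairing cp;
            unsigned char raw[sizeof(struct kvm_clock_pairing)]; } slot;
    unsigned char guest[sizeof slot.raw];
    size_t off = offsetof(struct kvm_clock_pairing, pad), leaked = 0;

    memset(slot.raw, 0xAA, sizeof slot.raw);   /* stale stack contents */
    if (fixed) fill_fixed(&slot.cp); else fill_unfixed(&slot.cp);
    memcpy(guest, slot.raw, sizeof guest);     /* copy-out, padding included */

    for (size_t i = off; i < sizeof guest; i++)
        leaked += guest[i] != 0;
    return leaked;
}

int main(void)
{
    printf("unfixed: %zu padding bytes leaked, fixed: %zu\n",
           leaked_pad_bytes(0), leaked_pad_bytes(1));
    return 0;
}
```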