From: Andrew Cooper
Subject: Re: Ping: [PATCH 4/5] HVM: prevent leaking heap data from hvm_save_one()
Date: Tue, 17 Dec 2013 10:45:41 +0000
Message-ID: <52B02B55.9040706@citrix.com>
To: Jan Beulich
Cc: George Dunlap, xen-devel, Keir Fraser, Don Slutz

On 17/12/13 09:16, Jan Beulich wrote:
>>>> On 10.12.13 at 16:48, "Jan Beulich" wrote:
>> When one or more of the vCPU-s of a guest are offline, no data may be
>> put into the allocated space for them and, due to another bug, such
>> uninitialized data may be passed back to the caller.
>>
>> Signed-off-by: Don Slutz
>> Acked-by: Ian Campbell
>> Reviewed-by: Jan Beulich
> Keir?

This issue is completely fixed by the latest patch, is it not? With the latest patch, we always copy out of the written subset of ctxt.data, even if ctxt.size is larger.

~Andrew

>
>> --- a/xen/common/hvm/save.c >> +++ b/xen/common/hvm/save.c >> @@ -102,7 +102,7 @@ int hvm_save_one(struct domain *d, uint1 >> return -EINVAL; >> >> ctxt.size = sz; >> - ctxt.data = xmalloc_bytes(sz); >> + ctxt.data = xzalloc_bytes(sz); >> if ( !ctxt.data ) >> return -ENOMEM; >>
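
Review bot: the switch to `xzalloc_bytes(sz)` at the allocation in hvm_save_one() carries no comment saying why the buffer must be zeroed, and the commit message only points at "another bug" without naming it. A short comment at the allocation, noting that the space reserved for offline vCPUs may never be written and can still reach the caller, would keep a later cleanup from reverting to `xmalloc_bytes()`. Zeroing also only changes what the caller sees in the unwritten region; the caller still receives bytes that were never produced as save data, so the copy-out is better bounded by the amount actually written than by `ctxt.size = sz`, and the commit message should reference the change that does that.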