* [PATCH] kvm: Initialize all struct members to avoid stack information leak
@ 2011-07-19 13:17 Marcus Meissner
2011-07-19 14:12 ` Juan Quintela
0 siblings, 1 reply; 4+ messages in thread
From: Marcus Meissner @ 2011-07-19 13:17 UTC (permalink / raw)
To: avi, mtosatti, tglx, mingo, hpa, x86, kvm, linux-kernel
Cc: Marcus Meissner, Marcus Meissner
Hi,
Reported to us by Stephan Mueller of atsec.
Several .pad struct members are not set to something, so they
will leak stack content back to user space.
Ciao, Marcus
Reported-by: Stephan Mueller <smueller@atsec.com>
Signed-off-by: Marcus Meissner <meissner@suse.de>
---
arch/x86/kvm/x86.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 77c9d86..621ffb6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3002,6 +3002,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
case KVM_GET_VCPU_EVENTS: {
struct kvm_vcpu_events events;
+ memset(&events, 0, sizeof(events));
kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
r = -EFAULT;
--
1.7.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] kvm: Initialize all struct members to avoid stack information leak
2011-07-19 13:17 [PATCH] kvm: Initialize all struct members to avoid stack information leak Marcus Meissner
@ 2011-07-19 14:12 ` Juan Quintela
2011-07-19 17:38 ` Jan Kiszka
0 siblings, 1 reply; 4+ messages in thread
From: Juan Quintela @ 2011-07-19 14:12 UTC (permalink / raw)
To: Marcus Meissner
Cc: avi, mtosatti, tglx, mingo, hpa, x86, kvm, linux-kernel,
Marcus Meissner
Marcus Meissner <meissner@novell.com> wrote:
> Hi,
>
> Reported to us by Stephan Mueller of atsec.
>
> Several .pad struct members are not set to something, so they
> will leak stack content back to user space.
>
> Ciao, Marcus
>
> Reported-by: Stephan Mueller <smueller@atsec.com>
> Signed-off-by: Marcus Meissner <meissner@suse.de>
> ---
> arch/x86/kvm/x86.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 77c9d86..621ffb6 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -3002,6 +3002,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
> case KVM_GET_VCPU_EVENTS: {
> struct kvm_vcpu_events events;
>
> + memset(&events, 0, sizeof(events));
> kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
>
> r = -EFAULT;
Looking at arch/x86/include/asm/kvm.h & arch/x86/kvm/x86.c I can't see
what pad fields are not initialized. My reading is that everything is
initialized in kvm_vcpu_ioctl_x86_get_vcpu_events(). What field are you
refering to?
Later, Juan.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] kvm: Initialize all struct members to avoid stack information leak
2011-07-19 14:12 ` Juan Quintela
@ 2011-07-19 17:38 ` Jan Kiszka
2011-07-20 11:49 ` Marcus Meissner
0 siblings, 1 reply; 4+ messages in thread
From: Jan Kiszka @ 2011-07-19 17:38 UTC (permalink / raw)
To: quintela
Cc: Marcus Meissner, avi, mtosatti, tglx, mingo, hpa, x86, kvm,
linux-kernel, Marcus Meissner
On 2011-07-19 16:12, Juan Quintela wrote:
> Marcus Meissner <meissner@novell.com> wrote:
>> Hi,
>>
>> Reported to us by Stephan Mueller of atsec.
>>
>> Several .pad struct members are not set to something, so they
>> will leak stack content back to user space.
>>
>> Ciao, Marcus
>>
>> Reported-by: Stephan Mueller <smueller@atsec.com>
>> Signed-off-by: Marcus Meissner <meissner@suse.de>
>> ---
>> arch/x86/kvm/x86.c | 1 +
>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 77c9d86..621ffb6 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -3002,6 +3002,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
>> case KVM_GET_VCPU_EVENTS: {
>> struct kvm_vcpu_events events;
>>
>> + memset(&events, 0, sizeof(events));
>> kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
>>
>> r = -EFAULT;
>
> Looking at arch/x86/include/asm/kvm.h & arch/x86/kvm/x86.c I can't see
> what pad fields are not initialized. My reading is that everything is
> initialized in kvm_vcpu_ioctl_x86_get_vcpu_events(). What field are you
> refering to?
Good question. Information leaks were once addressed by 97e69aa62f, and
kvm_vcpu_events was not changed since then.
Jan
--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] kvm: Initialize all struct members to avoid stack information leak
2011-07-19 17:38 ` Jan Kiszka
@ 2011-07-20 11:49 ` Marcus Meissner
0 siblings, 0 replies; 4+ messages in thread
From: Marcus Meissner @ 2011-07-20 11:49 UTC (permalink / raw)
To: Jan Kiszka
Cc: quintela, Marcus Meissner, avi, mtosatti, tglx, mingo, hpa, x86,
kvm, linux-kernel
On Tue, Jul 19, 2011 at 07:38:27PM +0200, Jan Kiszka wrote:
> On 2011-07-19 16:12, Juan Quintela wrote:
> > Marcus Meissner <meissner@novell.com> wrote:
> >> Hi,
> >>
> >> Reported to us by Stephan Mueller of atsec.
> >>
> >> Several .pad struct members are not set to something, so they
> >> will leak stack content back to user space.
> >>
> >> Ciao, Marcus
> >>
> >> Reported-by: Stephan Mueller <smueller@atsec.com>
> >> Signed-off-by: Marcus Meissner <meissner@suse.de>
> >> ---
> >> arch/x86/kvm/x86.c | 1 +
> >> 1 files changed, 1 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> >> index 77c9d86..621ffb6 100644
> >> --- a/arch/x86/kvm/x86.c
> >> +++ b/arch/x86/kvm/x86.c
> >> @@ -3002,6 +3002,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
> >> case KVM_GET_VCPU_EVENTS: {
> >> struct kvm_vcpu_events events;
> >>
> >> + memset(&events, 0, sizeof(events));
> >> kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
> >>
> >> r = -EFAULT;
> >
> > Looking at arch/x86/include/asm/kvm.h & arch/x86/kvm/x86.c I can't see
> > what pad fields are not initialized. My reading is that everything is
> > initialized in kvm_vcpu_ioctl_x86_get_vcpu_events(). What field are you
> > refering to?
>
> Good question. Information leaks were once addressed by 97e69aa62f, and
> kvm_vcpu_events was not changed since then.
I was looking at old code, did not cross check if it is fixed in mainline.
Sorry for the noise.
Ciao, Marcus
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-07-20 11:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-19 13:17 [PATCH] kvm: Initialize all struct members to avoid stack information leak Marcus Meissner
2011-07-19 14:12 ` Juan Quintela
2011-07-19 17:38 ` Jan Kiszka
2011-07-20 11:49 ` Marcus Meissner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox