From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:37945)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QdlCV-0005wB-W7
	for qemu-devel@nongnu.org; Mon, 04 Jul 2011 11:36:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QdlCT-0001Ym-Ob
	for qemu-devel@nongnu.org; Mon, 04 Jul 2011 11:36:43 -0400
Received: from mx1.redhat.com ([209.132.183.28]:28073)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QdlCS-0001YM-U3
	for qemu-devel@nongnu.org; Mon, 04 Jul 2011 11:36:41 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p64FaeAQ030191
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Mon, 4 Jul 2011 11:36:40 -0400
From: Kevin Wolf <kwolf@redhat.com>
Date: Mon,  4 Jul 2011 17:39:32 +0200
Message-Id: <1309793972-24597-2-git-send-email-kwolf@redhat.com>
In-Reply-To: <1309793972-24597-1-git-send-email-kwolf@redhat.com>
References: <1309793972-24597-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH 2/2] ide: Initialise buffers with zeros
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com

Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/ide/core.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 2c5395b..9cace01 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1785,9 +1785,13 @@ static void ide_init1(IDEBus *bus, int unit)
     s->unit = unit;
     s->drive_serial = drive_serial++;
     /* we need at least 2k alignment for accessing CDROMs using O_DIRECT */
-    s->io_buffer = qemu_memalign(2048, IDE_DMA_BUF_SECTORS*512 + 4);
     s->io_buffer_total_len = IDE_DMA_BUF_SECTORS*512 + 4;
+    s->io_buffer = qemu_memalign(2048, s->io_buffer_total_len);
+    memset(s->io_buffer, 0, s->io_buffer_total_len);
+
     s->smart_selftest_data = qemu_blockalign(s->bs, 512);
+    memset(s->smart_selftest_data, 0, 512);
+
     s->sector_write_timer = qemu_new_timer_ns(vm_clock,
                                            ide_sector_write_timer_cb, s);
 }
-- 
1.7.6