From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, "Michael S. Tsirkin", patches@linaro.org
Date: Fri, 18 Jan 2019 18:36:03 +0000
Message-Id: <20190118183603.24757-1-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.20.1
Subject: [Qemu-devel] [PATCH] hw/virtio/virtio-balloon: zero-initialize the virtio_balloon_config struct

In virtio_balloon_get_config() we initialize a struct virtio_balloon_config
which we then copy to guest memory. However, the local variable is not
zero initialized. This works OK at the moment because we initialize all
the fields in it; however an upcoming kernel header change will add some
new fields. If we don't zero out the whole struct then we will start
leaking a small amount of the contents of QEMU's stack to the guest as
soon as we update linux-headers/ to a set of headers that includes the
new fields.

Signed-off-by: Peter Maydell
Reviewed-by: Michael S. Tsirkin
Reviewed-by: Philippe Mathieu-Daudé
---
It looks like none of the other virtio devices have this bug.
Tested with "make check" only. As the commit message notes, must go
in before our next headers update.
---
 hw/virtio/virtio-balloon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 1728e4f83af..a12677d4d5b 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -311,7 +311,7 @@ out: static void virtio_balloon_get_config(VirtIODevice *vdev, uint8_t *config_= data) { VirtIOBalloon *dev =3D VIRTIO_BALLOON(vdev); - struct virtio_balloon_config config; + struct virtio_balloon_config config =3D {}; =20 config.num_pages =3D cpu_to_le32(dev->num_pages); config.actual =3D cpu_to_le32(dev->actual); --=20 2.20.1
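Review bot: `struct virtio_balloon_config config = {};` clears every named member, but the C standard does not guarantee that padding bytes of an automatic object get zeroed by an initializer, so the "no stack bytes reach the guest" property rests on struct virtio_balloon_config having no padding. That holds while the header keeps it to same-sized fields; if a later header adds a member whose alignment introduces padding, `memset(&config, 0, sizeof(config));` placed before `config.num_pages = cpu_to_le32(dev->num_pages);` is the stronger form because it also clears padding. Either way, a one-line comment above the initializer saying the zeroing is deliberate (fields the device does not fill must not carry stack contents) would stop a future cleanup from dropping it as redundant once all fields are assigned again.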
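As an added example of the leak the commit message describes (this is illustration code, not part of the patch and not QEMU's code): a stand-in config struct with two fields the device fills and two that a header update would add, a "before" routine that declares the struct uninitialized, and an "after" routine that zero-initializes it first. The struct name and the two new field names are assumptions; `dirty_stack()` just leaves a pattern on the stack so a later frame may reuse it. What the vulnerable version actually copies out is whatever the stack held and depends on compiler and optimization level, so only the fixed version's result is something to assert on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for struct virtio_balloon_config after a header
 * update: the two fields the device fills today plus two new ones. The
 * struct and field names are assumptions for this example, not the real
 * header's. All members are 32-bit, so there is no padding and a
 * zero-initializer clears every byte.
 */
struct balloon_config_new {
    uint32_t num_pages;
    uint32_t actual;
    uint32_t new_field_a;   /* hypothetical field added by the header update */
    uint32_t new_field_b;   /* hypothetical field added by the header update */
};

/* Bytes of the struct the device code actually writes (num_pages, actual). */
#define FILLED_BYTES (2 * sizeof(uint32_t))

/* GCC/Clang attribute (assumption: one of those compilers) so the frames
 * below really exist and the stack slots are reused between calls. */
#define NOINLINE __attribute__((noinline))

/* Leave a recognisable pattern on the stack for a later frame to inherit. */
static NOINLINE void dirty_stack(void)
{
    volatile uint8_t junk[512];
    for (size_t i = 0; i < sizeof(junk); i++) {
        junk[i] = 0xA5;
    }
}

/* Before the fix: the local struct is uninitialized, so the two fields the
 * device does not know about are copied out as whatever the stack held. */
static NOINLINE void vulnerable_get_config(uint8_t *config_data)
{
    struct balloon_config_new config;          /* indeterminate contents */
    config.num_pages = 0x100;
    config.actual = 0x80;
    memcpy(config_data, &config, sizeof(config));
}

/* After the fix: zero the whole struct before filling the known fields.
 * The QEMU patch spells this "= {}" (GNU/C23); "= { 0 }" is the portable
 * C equivalent and has the same effect here. */
static NOINLINE void fixed_get_config(uint8_t *config_data)
{
    struct balloon_config_new config = { 0 };
    config.num_pages = 0x100;
    config.actual = 0x80;
    memcpy(config_data, &config, sizeof(config));
}

/* Count non-zero bytes in the region the device never wrote: bytes that
 * reached the guest from somewhere other than the device's own state. */
size_t count_unwritten_nonzero(const uint8_t *config_data, size_t filled,
                               size_t total)
{
    size_t n = 0;
    for (size_t i = filled; i < total; i++) {
        if (config_data[i] != 0) {
            n++;
        }
    }
    return n;
}

/* Run the vulnerable routine on a freshly dirtied stack. The result is
 * compiler-dependent: often 8 (all of new_field_a/new_field_b), possibly 0. */
size_t leaked_bytes_vulnerable(void)
{
    uint8_t buf[sizeof(struct balloon_config_new)];
    dirty_stack();
    vulnerable_get_config(buf);
    return count_unwritten_nonzero(buf, FILLED_BYTES, sizeof(buf));
}

/* Run the fixed routine the same way; this is always 0. */
size_t leaked_bytes_fixed(void)
{
    uint8_t buf[sizeof(struct balloon_config_new)];
    dirty_stack();
    fixed_get_config(buf);
    return count_unwritten_nonzero(buf, FILLED_BYTES, sizeof(buf));
}

int main(void)
{
    printf("unwritten bytes that reached the guest: vulnerable=%zu fixed=%zu\n",
           leaked_bytes_vulnerable(), leaked_bytes_fixed());
    return 0;
}
```

The same check generalizes to any device whose get_config copies a whole struct into a caller-supplied buffer: compare the bytes the device explicitly assigns against sizeof the struct from the current header, and anything in between is either zeroed up front or it is a leak waiting for the next header bump.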