From: Uros Bizjak
To: kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org
Cc: Uros Bizjak, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Subject: [PATCH] KVM: x86: Zero-initialize temporary fxregs_state buffers in FXSAVE emulation
Date: Thu, 12 Feb 2026 22:24:04 +0100
Message-ID: <20260212212457.24483-1-ubizjak@gmail.com>

Explicitly zero-initialize stack-allocated struct fxregs_state variables
in em_fxsave() and fxregs_fixup() to ensure all padding and unused fields
are cleared before use.

Both functions declare temporary fxregs_state buffers that may be
partially written by fxsave. Although the emulator copies only the
architecturally defined portion of the state to userspace, any padding
or otherwise untouched bytes in the structure can remain uninitialized.
This can lead to the use of uninitialized stack data and may trigger
KMSAN reports. In the worst case, it could result in leaking stack
contents if such bytes are ever exposed.

No functional change intended.

Suggested-by: Sean Christopherson
Signed-off-by: Uros Bizjak
Cc: Sean Christopherson
Cc: Paolo Bonzini
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: "H. Peter Anvin"
---
 arch/x86/kvm/emulate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index c8e292e9a24d..20ed588015f1 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -3708,7 +3708,7 @@ static inline size_t fxstate_size(struct x86_emulate_= ctxt *ctxt) */ static int em_fxsave(struct x86_emulate_ctxt *ctxt) { - struct fxregs_state fx_state; + struct fxregs_state fx_state =3D {}; int rc; =20 rc =3D check_fxsr(ctxt); @@ -3738,7 +3738,7 @@ static int em_fxsave(struct x86_emulate_ctxt *ctxt) static noinline int fxregs_fixup(struct fxregs_state *fx_state, const size_t used_size) { - struct fxregs_state fx_tmp; + struct fxregs_state fx_tmp =3D {}; int rc; =20 rc =3D asm_safe("fxsave %[fx]", , [fx] "+m"(fx_tmp)); --=20 2.53.0
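Review bot: In the em_fxsave() hunk (@@ -3708), the `= {}` initializer sits before `rc = check_fxsr(ctxt);`, so the whole struct is cleared even on the early-return path when the check fails; the cost is negligible next to an emulated instruction, so keeping it at the declaration is fine, but a one-line comment next to `struct fxregs_state fx_state = {};` saying that fxsave leaves the reserved and unused bytes of the buffer untouched would help, since an explicit zero-init of a buffer that is about to be filled by an instruction otherwise reads as redundant and invites removal in a later cleanup.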
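Review bot: In the fxregs_fixup() hunk (@@ -3738), the zeroing is only preserved because the asm that follows uses a read-write constraint: `asm_safe("fxsave %[fx]", , [fx] "+m"(fx_tmp))`. With `"+m"` the compiler must keep the prior stores; had the operand been `"=m"`, the `= {}` store would be a dead store the compiler is free to drop, silently reintroducing the uninitialized bytes the commit message describes. Worth stating in the commit message or in a comment beside `struct fxregs_state fx_tmp = {};` so that nobody later "tightens" the constraint to `"=m"` and undoes the fix without any warning from the compiler or from KMSAN builds that happen not to exercise this path.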