Re: [patch v2] x86: kvm: x86: fix information leak to userland

2011-07-26 Thread Alexander Graf
On 30.10.2010, at 20:54, Vasiliy Kulikov wrote: Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and kvm_clock_data are copied to userland with some padding and reserved fields uninitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero.

Re: [patch v2] x86: kvm: x86: fix information leak to userland

2011-07-26 Thread Avi Kivity
On 07/26/2011 08:05 PM, Alexander Graf wrote: struct kvm_pit_state2 { struct kvm_pit_channel_state channels[3]; __u32 flags; __u32 reserved[9]; }; So memset(ps->reserved) would give you a __u32 **, no? Same goes for all the other array sets in here. Or am I

Re: [patch v2] x86: kvm: x86: fix information leak to userland

2011-07-26 Thread Vasiliy Kulikov
Alexander, On Tue, Jul 26, 2011 at 19:05 +0200, Alexander Graf wrote: @@ -2623,6 +2626,7 @@ static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu, dbgregs-dr6 = vcpu-arch.dr6; dbgregs-dr7 = vcpu-arch.dr7; dbgregs-flags = 0; + memset(dbgregs-reserved, 0,
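Review bot: the memset of dbgregs->reserved only zeroes the reserved array, yet the commit message says padding bytes leak as well as reserved fields, and member-wise assignment (dr6, dr7, flags, reserved) never touches implicit padding; either confirm that struct kvm_debugregs has no padding holes on every supported ABI, or zero the whole object once at function entry, e.g. memset(dbgregs, 0, sizeof(*dbgregs)); before the dr6/dr7/flags assignments, which makes the explicit memset of reserved unnecessary.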

Re: [patch v2] x86: kvm: x86: fix information leak to userland

2011-07-26 Thread Alexander Graf
On 26.07.2011, at 19:24, Avi Kivity wrote: On 07/26/2011 08:05 PM, Alexander Graf wrote: struct kvm_pit_state2 { struct kvm_pit_channel_state channels[3]; __u32 flags; __u32 reserved[9]; }; So memset(ps->reserved) would give you a __u32 **, no? Same goes for

Re: [patch v2] x86: kvm: x86: fix information leak to userland

2011-07-26 Thread Alexander Graf
On 26.07.2011, at 19:28, Vasiliy Kulikov wrote: Alexander, On Tue, Jul 26, 2011 at 19:05 +0200, Alexander Graf wrote: @@ -2623,6 +2626,7 @@ static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu, dbgregs-dr6 = vcpu-arch.dr6; dbgregs-dr7 = vcpu-arch.dr7;

Re: [patch v2] x86: kvm: x86: fix information leak to userland

2010-11-01 Thread Marcelo Tosatti
On Sat, Oct 30, 2010 at 10:54:47PM +0400, Vasiliy Kulikov wrote: Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and kvm_clock_data are copied to userland with some padding and reserved fields uninitialized. It leads to leaking of contents of kernel stack memory. We have to

[patch v2] x86: kvm: x86: fix information leak to userland

2010-10-30 Thread Vasiliy Kulikov
Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and kvm_clock_data are copied to userland with some padding and reserved fields uninitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. In patch v1 Jan Kiszka suggested to fill reserved
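A worked illustration of the leak class discussed in this thread, and of the question raised above about whether memset(ps->reserved, ...) needs extra indirection. This is an added example written for this page, not code from the patch or from KVM: struct demo_state, its field names and the 0xAA stale pattern are constructed stand-ins for a kernel reply structure and for whatever an earlier call left in a reused stack slot, and the number of padding bytes depends on the compiler ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply structure constructed for this example (not a real KVM
 * ABI struct): a 32-bit field followed by a 64-bit one leaves an implicit
 * padding hole on ABIs that 8-align uint64_t, and the reserved tail is never
 * written by the "real" fields. */
struct demo_state {
    uint32_t flags;
    uint64_t value;
    uint32_t reserved[9];
};

/* Pattern standing in for whatever a previous call left on the stack. */
#define STALE 0xAA

static void fill_fields(struct demo_state *s)
{
    s->flags = 1;
    s->value = 0x1122334455667788ULL; /* contains no 0xAA byte, so stale bytes stay countable */
}

/* Before the fix: only the named fields are written. */
static void get_state_vulnerable(struct demo_state *s)
{
    fill_fields(s);
}

/* The patch's approach: zero the reserved array explicitly. Passing the
 * array member to memset is correct as written: s->reserved decays to
 * uint32_t * and sizeof(s->reserved) is the whole array (36 bytes here),
 * not the size of a pointer, so no & or extra indirection is involved. */
static void get_state_reserved_zeroed(struct demo_state *s)
{
    fill_fields(s);
    memset(s->reserved, 0, sizeof(s->reserved));
}

/* Defensive variant: zero the whole object first so padding holes, reserved
 * fields and any field a later code path forgets are all covered. */
static void get_state_fully_zeroed(struct demo_state *s)
{
    memset(s, 0, sizeof(*s));
    fill_fields(s);
}

/* Bytes of the object that still hold the stale pattern: these are exactly
 * the bytes a copy to user space would hand out uninitialised. */
static size_t stale_bytes(const struct demo_state *s)
{
    const unsigned char *b = (const unsigned char *)s;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*s); i++)
        if (b[i] == STALE)
            n++;
    return n;
}

/* Run one getter on an object pre-filled with stale data, as if it were a
 * reused stack slot, and report how many bytes would leak. */
size_t leaked_bytes(void (*getter)(struct demo_state *))
{
    struct demo_state s;
    memset(&s, STALE, sizeof(s));
    getter(&s);
    return stale_bytes(&s);
}

/* Padding bytes in the struct on this ABI (object size minus named members). */
size_t padding_bytes(void)
{
    return sizeof(struct demo_state)
        - sizeof(((struct demo_state *)0)->flags)
        - sizeof(((struct demo_state *)0)->value)
        - sizeof(((struct demo_state *)0)->reserved);
}

int main(void)
{
    printf("padding bytes on this ABI: %zu\n", padding_bytes());
    printf("field-only fill leaks:     %zu bytes\n", leaked_bytes(get_state_vulnerable));
    printf("reserved[] zeroed leaks:   %zu bytes\n", leaked_bytes(get_state_reserved_zeroed));
    printf("whole-object memset leaks: %zu bytes\n", leaked_bytes(get_state_fully_zeroed));
    return 0;
}
```

Compile with a plain cc and run. On an LP64 x86-64 or AArch64 build the struct carries 8 padding bytes (4 after flags, 4 at the tail), so the field-only getter leaks 44 bytes, zeroing only reserved[] still leaks the 8 padding bytes, and the whole-object memset leaks none. The whole-object memset is used rather than an initializer such as = { 0 } because, for automatic objects, the C standard does not require an initializer to zero padding bytes, whereas memset covers every byte of the object.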