From: Andrew Cooper
Date: Thu, 23 Apr 2015 11:07:59 +0000 (+0200)
Subject: sysctl: zero structures on the stack
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~3373
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d5f863db94391b6ff52aa397b3d77d7f527daef2;p=xen.git

sysctl: zero structures on the stack

None of these structures currently contain a hole. However, there is a risk that a change to the structure might introduce a hole, and thus create a hypervisor stack leak to the toolstack. Mitigate this risk by preemptively zeroing these structures. These are not hotpaths, so the slight overhead is not an issue.

Signed-off-by: Andrew Cooper
---
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 65798a31a3..7361064572 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -144,7 +144,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 case XEN_SYSCTL_getcpuinfo:
 {
 uint32_t i, nr_cpus;
- struct xen_sysctl_cpuinfo cpuinfo;
+ struct xen_sysctl_cpuinfo cpuinfo = { 0 };
 nr_cpus = min(op->u.getcpuinfo.max_cpus, nr_cpu_ids);
@@ -283,6 +283,8 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 if ( do_meminfo || do_distance )
 {
+ xen_sysctl_meminfo_t meminfo = { 0 };
+
 if ( ni->num_nodes < num_nodes )
 {
 ret = -ENOBUFS;
@@ -293,7 +295,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 for ( ; i < num_nodes; i++ )
 {
- xen_sysctl_meminfo_t meminfo;
 static uint32_t distance[MAX_NUMNODES];
 if ( do_meminfo )
@@ -355,6 +356,8 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 num_cpus = cpumask_last(&cpu_online_map) + 1;
 if ( !guest_handle_is_null(ti->cputopo) )
 {
+ xen_sysctl_cputopo_t cputopo = { 0 };
+
 if ( ti->num_cpus < num_cpus )
 {
 ret = -ENOBUFS;
@@ -365,8 +368,6 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 for ( ; i < num_cpus; i++ )
 {
- xen_sysctl_cputopo_t cputopo;
-
 if ( cpu_present(i) )
 {
 cputopo.core = cpu_to_core(i);
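Review bot: The `= { 0 }` initializer on `cpuinfo` (hunk at -144) is not clearly guaranteed by the C standard to clear padding bytes in an automatic object, and padding holes are exactly the case the commit message wants covered. Compilers commonly zero the whole object for this form, but that is implementation behaviour; `memset(&cpuinfo, 0, sizeof(cpuinfo));` after the declaration would make the intent independent of the compiler. The same applies to `meminfo` in the hunk at -283 and `cputopo` in the hunk at -355. The body of do_sysctl continues outside every hunk shown here.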
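Review bot: `meminfo` (hunk at -283) is now zeroed once, ahead of the `for` loop, instead of being declared inside it, so any field that a given iteration does not assign keeps the previous node's value rather than zero. That is not stack content, but it would presumably still be returned to the toolstack, so the declaration deserves a comment such as `/* Zeroed once; each iteration must write every field. */`, or the structure could be cleared again at the top of the loop body. The loop body runs past the end of the hunk, so whether every field is written on each pass cannot be confirmed from the lines shown. The `cputopo` declaration in the hunk at -355 has the same shape.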