From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Andrea Parri (Microsoft)", Juan Vazquez, Michael Kelley, Wei Liu, Sasha Levin, linux-hyperv@vger.kernel.org
Subject: [PATCH AUTOSEL 5.11 50/67] Drivers: hv: vmbus: Initialize memory to be sent to the host
Date: Wed, 24 Feb 2021 07:50:08 -0500
Message-Id: <20210224125026.481804-50-sashal@kernel.org>

From: "Andrea Parri (Microsoft)"

[ Upstream commit e99c4afbee07e9323e9191a20b24d74dbf815bdf ]

__vmbus_open() and vmbus_teardown_gpadl() do not initialize the memory for the vmbus_channel_open_channel and the vmbus_channel_gpadl_teardown objects they allocate respectively. These objects contain padding bytes and fields that are left uninitialized and that are later sent to the host, potentially leaking guest data.

Zero initialize such fields to avoid leaking sensitive information to the host.

Reported-by: Juan Vazquez
Signed-off-by: Andrea Parri (Microsoft)
Reviewed-by: Michael Kelley
Link: https://lore.kernel.org/r/20201209070827.29335-2-parri.andrea@gmail.com
Signed-off-by: Wei Liu
Signed-off-by: Sasha Levin
---
 drivers/hv/channel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index 6fb0c76bfbf81..0bd202de79600 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -618,7 +618,7 @@ static int __vmbus_open(struct vmbus_channel *newchannel, goto error_clean_ring; /* Create and init the channel open message */ - open_info = kmalloc(sizeof(*open_info) + + open_info = kzalloc(sizeof(*open_info) + sizeof(struct vmbus_channel_open_channel), GFP_KERNEL); if (!open_info) { 
@@ -745,7 +745,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle) unsigned long flags; int ret; - info = kmalloc(sizeof(*info) + + info = kzalloc(sizeof(*info) + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL); if (!info) return -ENOMEM; -- 2.27.0
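
Review bot: In the __vmbus_open() hunk, the comment above the allocation still reads "/* Create and init the channel open message */" and gives no hint that the zeroing is now required for correctness. The commit message says this buffer is later sent to the host, so I would extend the comment to say that, otherwise a later cleanup may turn kzalloc() back into kmalloc() on the grounds that every field is assigned anyway.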
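
Review bot: In the vmbus_teardown_gpadl() hunk, the allocation repeats the open-coded pattern from __vmbus_open(), "kzalloc(sizeof(*info) + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL)", and carries no comment at all. A small helper that allocates a zeroed message info with a payload of a given size would keep the zeroing requirement in one place for both callers; failing that, a one-line comment here stating that the buffer goes to the host would do.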
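
The leak the commit message describes, modelled in user space as an added example (not part of the patch or of the kernel source). struct demo_msg, STALE, build_msg() and stale_bytes() are hypothetical names, the layout is not the real vmbus one, and memset() with a marker byte stands in for the stale contents of a kmalloc() buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* marker for whatever the allocator last held */

/* Hypothetical message, not the real vmbus layout. On common ABIs the
 * compiler puts 3 padding bytes after 'type' to align 'child_relid'. */
struct demo_msg {
	uint8_t type;
	uint32_t child_relid;
	uint32_t gpadl;
	uint32_t reserved; /* a field the sender never assigns */
};

/* Model kmalloc() (stale contents) or kzalloc() (zeroed), then assign
 * only the fields the sender cares about, as a driver would. */
static struct demo_msg *build_msg(int zeroed)
{
	struct demo_msg *m = malloc(sizeof(*m));

	if (!m)
		return NULL;
	memset(m, zeroed ? 0 : STALE, sizeof(*m));
	m->type = 15;
	m->child_relid = 7;
	m->gpadl = 0x1234;
	return m;
}

/* Count bytes of the outgoing buffer that still carry stale data. */
static size_t stale_bytes(const struct demo_msg *m)
{
	const unsigned char *p = (const unsigned char *)m;
	size_t i, n = 0;

	for (i = 0; i < sizeof(*m); i++)
		n += (p[i] == STALE);
	return n;
}

int main(void)
{
	struct demo_msg *a = build_msg(0), *b = build_msg(1);

	if (!a || !b)
		return 1;
	printf("unzeroed: %zu stale, zeroed: %zu stale\n", stale_bytes(a), stale_bytes(b));
	free(a);
	free(b);
	return 0;
}
```

Assigning every named field would still leave the padding bytes stale, which is why the patch zeroes the whole allocation.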