From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Andrea Parri (Microsoft)", Juan Vazquez, Michael Kelley, Wei Liu, Sasha Levin, linux-hyperv@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 40/56] Drivers: hv: vmbus: Initialize memory to be sent to the host
Date: Wed, 24 Feb 2021 07:51:56 -0500
Message-Id: <20210224125212.482485-40-sashal@kernel.org>
In-Reply-To: <20210224125212.482485-1-sashal@kernel.org>

From: "Andrea Parri (Microsoft)"

[ Upstream commit e99c4afbee07e9323e9191a20b24d74dbf815bdf ]

__vmbus_open() and vmbus_teardown_gpadl() do not initialize the memory for the vmbus_channel_open_channel and the vmbus_channel_gpadl_teardown objects they allocate respectively. These objects contain padding bytes and fields that are left uninitialized and that are later sent to the host, potentially leaking guest data. Zero initialize such fields to avoid leaking sensitive information to the host.

Reported-by: Juan Vazquez
Signed-off-by: Andrea Parri (Microsoft)
Reviewed-by: Michael Kelley
Link: https://lore.kernel.org/r/20201209070827.29335-2-parri.andrea@gmail.com
Signed-off-by: Wei Liu
Signed-off-by: Sasha Levin
--- drivers/hv/channel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index fbdda9938039a..f9f04b5cd303f 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -548,7 +548,7 @@ static int __vmbus_open(struct vmbus_channel *newchannel, goto error_clean_ring; /* Create and init the channel open message */ - open_info = kmalloc(sizeof(*open_info) + + open_info = kzalloc(sizeof(*open_info) + sizeof(struct vmbus_channel_open_channel), GFP_KERNEL); if (!open_info) { 
@@ -674,7 +674,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle) unsigned long flags; int ret; - info = kmalloc(sizeof(*info) + + info = kzalloc(sizeof(*info) + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL); if (!info) return -ENOMEM; -- 2.27.0
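Review bot: In the __vmbus_open() hunk, the comment above the allocation ("Create and init the channel open message") does not record why the buffer has to be zeroed, so a later cleanup could switch kzalloc() back to kmalloc() without noticing the host-visible leak. Please extend that comment to say that the vmbus_channel_open_channel message is sent to the host and that its padding bytes and unset fields must therefore be zero. The allocation size expression is unchanged, so the only behavioural difference is the zeroing, which matches the changelog.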
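Review bot: In the vmbus_teardown_gpadl() hunk, the kzalloc() call carries no comment at all, and the changelog names only this function and __vmbus_open() without saying whether the other message allocations in drivers/hv/channel.c that end up being sent to the host were checked for the same pattern. Please add a one-line comment here noting that the vmbus_channel_gpadl_teardown message goes to the host and must not carry uninitialized bytes, and state in the changelog whether the remaining allocation sites in the file were audited. The changelog also has no Fixes: tag, so it would help stable reviewers to say how far back the uninitialized allocations go.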