[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen staging] VMX: make vmx_read_guest_msr() cope with callers not checking its return value



commit e3a0b9ccf912c298920693a1a4de7f2df08c3f1a
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Aug 28 17:12:05 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Aug 28 17:12:05 2018 +0200

    VMX: make vmx_read_guest_msr() cope with callers not checking its return 
value
    
    It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
    noticed that the vPMU callers, not checking the function's return value,
    may consume uninitialized data. Guard against this by storing zero on
    the error path.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
---
 xen/include/asm-x86/hvm/vmx/vmcs.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h 
b/xen/include/asm-x86/hvm/vmx/vmcs.h
index c4d4f15d29..46668a7007 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(const struct vcpu *v, 
uint32_t msr,
     const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
 
     if ( !ent )
+    {
+        *val = 0;
         return -ESRCH;
+    }
 
     *val = ent->data;
 
@@ -600,7 +603,10 @@ static inline int vmx_read_guest_loadonly_msr(
         vmx_find_msr(v, msr, VMX_MSR_GUEST_LOADONLY);
 
     if ( !ent )
+    {
+        *val = 0;
         return -ESRCH;
+    }
 
     *val = ent->data;
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.