[xen stable-4.16] libxl: Use zero-ed memory for PVH acpi tables
commit 78f66ae66f9f6e885bc7a4e3a135094966da41c4
Author: Jason Andryuk <jason.andryuk@xxxxxxx>
AuthorDate: Tue Nov 12 14:15:02 2024 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Nov 12 14:15:02 2024 +0100

libxl: Use zero-ed memory for PVH acpi tables

xl/libxl memory is leaking into a PVH guest through uninitialized
portions of the ACPI tables.

Use libxl_zalloc() to obtain zero-ed memory to avoid this issue.

This is XSA-464 / CVE-2024-45819.

Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests")
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
master commit: 0bfe567b58f1182889dea9207103fc9d00baf414
master date: 2024-11-12 13:32:45 +0100
---
tools/libs/light/libxl_x86_acpi.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/libs/light/libxl_x86_acpi.c
b/tools/libs/light/libxl_x86_acpi.c
index 57a6b63790..34eefe0e03 100644
--- a/tools/libs/light/libxl_x86_acpi.c
+++ b/tools/libs/light/libxl_x86_acpi.c
@@ -176,10 +176,11 @@ int libxl__dom_load_acpi(libxl__gc *gc,
goto out;
}
- config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
- config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size);
+ /* These are all copied into guest memory, so use zero-ed memory. */
+ config.rsdp = (unsigned long)libxl__zalloc(gc, libxl_ctxt.page_size);
+ config.infop = (unsigned long)libxl__zalloc(gc, libxl_ctxt.page_size);
/* Pages to hold ACPI tables */
- libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES *
+ libxl_ctxt.buf = libxl__zalloc(gc, NUM_ACPI_PAGES *
libxl_ctxt.page_size);
/*
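Review bot: the new comment "These are all copied into guest memory, so use zero-ed memory." sits above the config.rsdp / config.infop pair, but the libxl_ctxt.buf allocation it also has to cover is separated from it by the existing "Pages to hold ACPI tables" comment, so a later edit to that line could switch it back to libxl__malloc() without ever seeing the rationale. Consider folding the guest-visibility remark into the "Pages to hold ACPI tables" comment as well, so each of the three allocations carries the reason next to it. Minor: the commit message names libxl_zalloc(), while the code in this hunk calls libxl__zalloc().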
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16