[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH] argo: don't leak stack contents when returning ring info
The max_message_size field of the output gets filled only when the flags field is non-zero. Don't copy back uninitialized data to guest context. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -1405,7 +1405,8 @@ fill_ring_data(const struct domain *curr rcu_unlock_domain(dst_d); if ( !ret && (__copy_field_to_guest(data_ent_hnd, &ent, flags) || - __copy_field_to_guest(data_ent_hnd, &ent, max_message_size)) ) + (ent.flags && + __copy_field_to_guest(data_ent_hnd, &ent, max_message_size))) ) return -EFAULT; return ret;
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |