[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] argo: don't leak stack contents when returning ring info

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 14 Jan 2021 17:59:14 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Lz+QH4bsi+s1cQF0qjtLP5OkcaVnZ0Qu4qlZxvUtncg=; b=DJzo4aZdRyfVJFG0LjuL3NgyjFOIr/rqjCZz+/e8m6wZlYE7zzwo9Nfu+VbmK9AHsIWSa5GFLkp+5P2qoG7K/i5QGWroVAo+bEcIVEJw4OYbD9syUi0ZOuiKT3/lATSpVeoDbQNrRNl5uZDJrU3hvz6xUP2Adb9da2WJRLqROfzOYmFFRd0dTWi4Aj0+s2lD+WSgPt+uzNc9ieog5tqhykxYNaIWKrkeEYcYD3njEIrW58MNPwohqM43QgPd8P/PZz05OmnRKiJknRNaHuk3MNYNOsIzFR/z/x3yvn/kSQI4WaZcOtscj8Njm7RArkSrBOXhkAg3zooaJz1F0DDImA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H5AlNS8cHI913siYoSSGJyyleFaA+vwxxAX8WWdKpV0tliHQekVrrFuXY3k8wqi/Uu2r94x4/skldicHbk8WJS0DT0KMC+PgdVmKHe2cLnZuvxiZcrNG5lXaOR8JVD6J/DrANykOoUxGGCys3utmy/5YGrUKHasYccTfxDPSoGFksGI6VvzVraGhtOBje5TfhduND+0umGKiT9jsqk5NXdQCRO2PkazgMwKfW1ji4Xdit4fAkBYNGjQl9iVMHYnb1pRKgN8E7eNPAsazRwv/yWkEn9MyMvTudBwtiFWXyhbPy/roxLTgJPq+ax49rdfwJBhS9CEvlnqTm1QTnMxbjg==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>
  • Delivery-date: Thu, 14 Jan 2021 16:59:31 +0000
  • Ironport-sdr: wvrbibotWmurLJCDVyqMHcl+NxZhwCbJlBbH6FyeZvicQhYWskPlrC8fbbhxN4O0rYaGyl6VGw S/v1umZOLdOzoKlEUiHCkMndTPySD4vxwSlY/yBHBsjJQhZWoUMLhbqFN6TUOUES2hFIwSSx1H +T8SBGWf59Bjwo9a7s3/qaq1w21FIxTExjGYN67L4HIovwWWYmPKdNi/zSeFtjJFDqD+jsFgjm sletX0pID0D3U1FRVnSc/qjgrTMuP7QPQo7jVmPe4oFq3pEZkYau1tc9rMEUKjDzUJwuakgyb2 zs4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Jan 14, 2021 at 03:01:06PM +0100, Jan Beulich wrote:
> The max_message_size field of the output gets filled only when the flags
> field is non-zero. Don't copy back uninitialized data to guest context.

I'm afraid I'm missing something. AFAICT ent gets filled from the
user-space contents of data_ent_hnd that's copied from user-space at
the top of the function, so there's no leak from hypervisor stack in
the return path?

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.