
Re: [PATCH] argo: don't leak stack contents when returning ring info



On 14.01.2021 17:59, Roger Pau Monné wrote:
> On Thu, Jan 14, 2021 at 03:01:06PM +0100, Jan Beulich wrote:
>> The max_message_size field of the output gets filled only when the flags
>> field is non-zero. Don't copy back uninitialized data to guest context.
> 
> I'm afraid I'm missing something. AFAICT ent gets filled from the
> user-space contents of data_ent_hnd that's copied from user-space at
> the top of the function,

Oh, I managed to overlook this multiple times, so ...

> so there's no leak from hypervisor stack in
> the return path?

... yes indeed. Withdrawing the patch.

Thanks for noticing,
Jan
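The distinction Roger draws is worth seeing side by side. The following is an added illustration, not Xen's argo code and not from either author: it contrasts the pattern the withdrawn patch assumed (a stack struct only partially written, then copied back whole) with the pattern argo actually follows (the struct is first populated from the guest's own copy, so any field left untouched carries guest bytes rather than hypervisor bytes). The struct layout, the copy_to_guest()/copy_from_guest() stand-ins and the poisoned "stack slot" are constructed assumptions for the demonstration; a real uninitialised local would be undefined behaviour to read, so the slot is poisoned explicitly to make the leak deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output record, not Xen's argo layout: a flags word plus a
 * field the hypervisor only writes when flags is non-zero. */
struct ring_info_out {
    uint32_t flags;
    uint32_t max_message_size;
};

/* Models the hypervisor stack slot that would hold `ent`. Each simulated
 * hypercall re-poisons it with a recognisable pattern standing in for
 * leftovers of earlier hypervisor work, so a leak is visible and
 * deterministic (a genuinely uninitialised local would be UB to read). */
#define STACK_POISON 0xA5A5A5A5u
static struct ring_info_out hv_stack_slot;

static void enter_frame(void)
{
    memset(&hv_stack_slot, 0xA5, sizeof(hv_stack_slot));
}

/* Stand-ins for copy_to_guest()/copy_from_guest(): plain memcpy here. */
static void copy_to_guest(struct ring_info_out *guest,
                          const struct ring_info_out *src)
{
    memcpy(guest, src, sizeof(*src));
}

static void copy_from_guest(struct ring_info_out *dst,
                            const struct ring_info_out *guest)
{
    memcpy(dst, guest, sizeof(*dst));
}

/* The pattern the withdrawn patch assumed: ent is only partially written
 * on the hypervisor stack and then copied back whole. With flags == 0,
 * max_message_size still holds whatever the stack held. */
void ring_info_partial_fill(struct ring_info_out *guest, uint32_t flags,
                            uint32_t msg_size)
{
    struct ring_info_out *ent = &hv_stack_slot;

    enter_frame();
    ent->flags = flags;
    if (flags)
        ent->max_message_size = msg_size;
    copy_to_guest(guest, ent);
}

/* The pattern Roger points out: ent is first populated from the guest's
 * own copy of the record, then updated, then copied back. A field left
 * untouched carries the guest's own bytes, so nothing from the hypervisor
 * stack crosses over. */
void ring_info_copy_in_first(struct ring_info_out *guest, uint32_t flags,
                             uint32_t msg_size)
{
    struct ring_info_out *ent = &hv_stack_slot;

    enter_frame();
    copy_from_guest(ent, guest);
    ent->flags = flags;
    if (flags)
        ent->max_message_size = msg_size;
    copy_to_guest(guest, ent);
}

/* 1 if the guest-visible record carries the hypervisor poison pattern. */
int leaks_hv_bytes(const struct ring_info_out *guest)
{
    return guest->max_message_size == STACK_POISON;
}

/* Exercise the flags == 0 case, the one the patch worried about. */
int partial_fill_leaks_when_flags_zero(void)
{
    struct ring_info_out guest = { .flags = 0, .max_message_size = 0 };

    ring_info_partial_fill(&guest, 0, 4096);
    return leaks_hv_bytes(&guest);
}

int copy_in_first_leaks_when_flags_zero(void)
{
    struct ring_info_out guest = { .flags = 0, .max_message_size = 0 };

    ring_info_copy_in_first(&guest, 0, 4096);
    return leaks_hv_bytes(&guest);
}

int main(void)
{
    printf("partial fill leaks: %d\n", partial_fill_leaks_when_flags_zero());
    printf("copy-in first leaks: %d\n", copy_in_first_leaks_when_flags_zero());
    return 0;
}
```

The copy-in-first variant is only safe against stack leaks because every byte of `ent` is overwritten by guest-controlled data before any conditional write; if a later change enlarged the struct without enlarging the copy-in, the partial-fill situation would return.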


