summaryrefslogtreecommitdiff
path: root/virt
diff options
context:
space:
mode:
authorChristian Borntraeger <borntraeger@de.ibm.com>2017-01-12 16:25:15 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-01-26 08:24:39 +0100
commite0641f201114700dceac729babc89991ebb4b3ef (patch)
treed49587eb32c8295df28261363bbeed83dca98435 /virt
parent001ed27d088a4f66de05d440a2e7c8dd018be457 (diff)
KVM: s390: do not expose random data via facility bitmap
commit 04478197416e3a302e9ebc917ba1aa884ef9bfab upstream. kvm_s390_get_machine() populates the facility bitmap by copying bytes from the host results that are stored in a 256 byte array in the prefix page. The KVM code does use the size of the target buffer (2k), thus copying and exposing unrelated kernel memory (mostly machine check related logout data). Let's use the size of the source buffer instead. This is ok, as the target buffer will always be greater or equal than the source buffer as the KVM internal buffers (and thus S390_ARCH_FAC_LIST_SIZE_BYTE) cover the maximum possible size that is allowed by STFLE, which is 256 doublewords. All structures are zero allocated so we can leave bytes 256-2047 unchanged. Add a similar fix for kvm_arch_init_vm(). Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com> [found with smatch] Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions