[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.18] libxl: Use zero-ed memory for PVH acpi tables
commit 5f29c8c89afa7023d8d64a99be0d5b86e9299713 Author: Jason Andryuk <jason.andryuk@xxxxxxx> AuthorDate: Tue Nov 12 13:54:00 2024 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Nov 12 13:54:00 2024 +0100 libxl: Use zero-ed memory for PVH acpi tables xl/libxl memory is leaking into a PVH guest through uninitialized portions of the ACPI tables. Use libxl_zalloc() to obtain zero-ed memory to avoid this issue. This is XSA-464 / CVE-2024-45819. Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx> Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests") Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 0bfe567b58f1182889dea9207103fc9d00baf414 master date: 2024-11-12 13:32:45 +0100 --- tools/libs/light/libxl_x86_acpi.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/libs/light/libxl_x86_acpi.c b/tools/libs/light/libxl_x86_acpi.c index 5cf261bd67..2574ce2553 100644 --- a/tools/libs/light/libxl_x86_acpi.c +++ b/tools/libs/light/libxl_x86_acpi.c @@ -176,10 +176,11 @@ int libxl__dom_load_acpi(libxl__gc *gc, goto out; } - config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); - config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); + /* These are all copied into guest memory, so use zero-ed memory. */ + config.rsdp = (unsigned long)libxl__zalloc(gc, libxl_ctxt.page_size); + config.infop = (unsigned long)libxl__zalloc(gc, libxl_ctxt.page_size); /* Pages to hold ACPI tables */ - libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES * + libxl_ctxt.buf = libxl__zalloc(gc, NUM_ACPI_PAGES * libxl_ctxt.page_size); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |