|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack
A stack is allocated per vCPU to be used by Xen. The allocation is done
with alloc_xenheap_pages that does not zero the memory returned. However
the top of the stack is containing information that will be used to
store the initial state of the vCPU (see struct cpu_info). Some of the
fields may not be initialized and will lead to use/leak bits of previous
memory in some cases on the first run of vCPU (AFAICT this only happen on
vCPU0 for Dom0).
While this is not strictly necessary, this patch zero the full stack to
avoid more leakage.
This is part of XSA-263.
Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
---
xen/arch/arm/domain.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index ec0f042bf7..e7b33e92fb 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -540,6 +540,7 @@ void free_vcpu_struct(struct vcpu *v)
int vcpu_initialise(struct vcpu *v)
{
int rc = 0;
+ unsigned int i;
BUILD_BUG_ON( sizeof(struct cpu_info) > STACK_SIZE );
@@ -547,6 +548,9 @@ int vcpu_initialise(struct vcpu *v)
if ( v->arch.stack == NULL )
return -ENOMEM;
+ for ( i = 0; i < (1U << STACK_ORDER); i++ )
+ clear_page(v->arch.stack + (PAGE_SIZE * i));
+
v->arch.cpu_info = (struct cpu_info *)(v->arch.stack
+ STACK_SIZE
- sizeof(struct cpu_info));
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |