Re: Re: KMSAN: uninit-value in _copy_to_iter (2)

From: syzbot
Date: Thu Jun 07 2018 - 11:39:00 EST

Next message: Andy Lutomirski: "Re: [PATCH 2/5] x86/fpu/xstate: Change some names to separate XSAVES system and user states"
Previous message: Yu-cheng Yu: "[PATCH 07/10] mm: Prevent mprotect from changing shadow stack"
In reply to: Michael S. Tsirkin: "Re: KMSAN: uninit-value in _copy_to_iter (2)"
Next in thread: Dmitry Vyukov: "Re: KMSAN: uninit-value in _copy_to_iter (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617

"https://github.com/google/kmsan.git/master"; does not look like a valid git repo address.

Subject: vhost: fix info leak

Fixes: CVE-2018-1118
Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
---
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index f0be5f35ab28..9beefa6ed1ce 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
if (!node)
return NULL;
+
+ /* Make sure all padding within the structure is initialized. */
+ memset(&node->msg, 0, sizeof node->msg);
node->vq = vq;
node->msg.type = type;
return node;

Next message: Andy Lutomirski: "Re: [PATCH 2/5] x86/fpu/xstate: Change some names to separate XSAVES system and user states"
Previous message: Yu-cheng Yu: "[PATCH 07/10] mm: Prevent mprotect from changing shadow stack"
In reply to: Michael S. Tsirkin: "Re: KMSAN: uninit-value in _copy_to_iter (2)"
Next in thread: Dmitry Vyukov: "Re: KMSAN: uninit-value in _copy_to_iter (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]