[PATCH] hyperv: mshv: zero VTL hypercall input page

From: Yousef Alhouseen

Date: Wed Jun 24 2026 - 13:57:57 EST


mshv_vtl_hvcall_call() copies only the user-provided input size.

It then passes the page to hv_do_hypercall().

For short inputs, stale bytes can remain in the bounce page.

Those bytes can be consumed by the hypervisor.

Allocate the input page zeroed, matching the output page.

Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
---
drivers/hv/mshv_vtl_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hv/mshv_vtl_main.c b/drivers/hv/mshv_vtl_main.c
index 0365d207c..f2633148c 100644
--- a/drivers/hv/mshv_vtl_main.c
+++ b/drivers/hv/mshv_vtl_main.c
@@ -1146,7 +1146,7 @@ static int mshv_vtl_hvcall_call(struct mshv_vtl_hvcall_fd *fd,
*
* TODO: Take care of this when CVM support is added.
*/
- in = (void *)__get_free_page(GFP_KERNEL);
+ in = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
out = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
if (!in || !out) {
ret = -ENOMEM;
--
2.54.0