[PATCH] hyperv: mshv: zero VTL hypercall input page
From: Yousef Alhouseen
Date: Wed Jun 24 2026 - 13:57:57 EST
mshv_vtl_hvcall_call() copies only the user-provided input size.
It then passes the page to hv_do_hypercall().
For short inputs, stale bytes can remain in the bounce page.
Those bytes can be consumed by the hypervisor.
Allocate the input page zeroed, matching the output page.
Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
---
drivers/hv/mshv_vtl_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hv/mshv_vtl_main.c b/drivers/hv/mshv_vtl_main.c
index 0365d207c..f2633148c 100644
--- a/drivers/hv/mshv_vtl_main.c
+++ b/drivers/hv/mshv_vtl_main.c
@@ -1146,7 +1146,7 @@ static int mshv_vtl_hvcall_call(struct mshv_vtl_hvcall_fd *fd,
*
* TODO: Take care of this when CVM support is added.
*/
- in = (void *)__get_free_page(GFP_KERNEL);
+ in = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
out = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
if (!in || !out) {
ret = -ENOMEM;
--
2.54.0