From patchwork Tue May 22 17:42:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 136594 Delivered-To: patch@linaro.org Received: by 2002:a2e:9706:0:0:0:0:0 with SMTP id r6-v6csp1929542lji; Tue, 22 May 2018 10:45:48 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqjTJXrxOCMXlAU5I3JYK2H/5FXGnJ8mhYkL7/YcL7XW/RH61Jw1wZ4f1ksukS6v5OLFYZ8 X-Received: by 2002:a6b:9bcc:: with SMTP id d195-v6mr26667140ioe.15.1527011148638; Tue, 22 May 2018 10:45:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527011148; cv=none; d=google.com; s=arc-20160816; b=AQptMJfW+eNas8g4Q6r4aZAiWW4k0TgnA+xKK3LfYXs72p9XuciZbCeOu8+VTY8FFX i3VmR3dSuY2GwgfAz9CSyhpG7UWIMbg3aq1e1b0Hl2XBho+JDFqHOLzBoe96L6KwJAkU TS2eFtPbKTszA9TITkGQU6M/xcGt7Jld6/3yyialvM+JkjlAcbS6cNViMNTDZCQlcrQk GREeCca2fY9Rpo0NZfWpw6DEFlbtxMMOOpeXzoCp58g50aUS7K2GVNQuBXCnrYjYhkoM SxWiaWm7dt9jn/P5VEX0PcqPs/3u1arcjqhFkH1FaRHebHFgs8FiNE9Rxx8kLIEXUWEC 6zWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from :arc-authentication-results; bh=xxv8jx/k05rVku5cq8qrSezxD02DU4zZplKtb96fLOs=; b=IuAeJXwXQfi+zJ7JvfqEv/VGrHgcJWk2xMw92cYLkT/2DIiMuSSIWNEoPKgKGB31xY rdCjLHw2O0imwo8FvQxW9r573OU3FVtyCNtccb1xUUSitaX8vB3gki+p5RFIgRmOSvWx IY92HVIn0FRLDvZQ2B3Cuk60LYzpPf9i1pMYZt3tSfZGfV5UL6m+YIMfcb4ZLJw7kLyN LR5nb8QBpiMVH05VgG0EREPND2CgX9LV/Bq+B07oq5lwu+C+sYqzCbRktOXzLvFJ8Rfd du7YpZnAtrc+wfY8IB1k7DEawWqvPRktIerg9bBMangDJAmZ1ID6SGrqW8GK5WYNcYNc V8YQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id p64-v6si13650707iof.217.2018.05.22.10.45.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 22 May 2018 10:45:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fLBJT-00029Q-Lw; Tue, 22 May 2018 17:43:07 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fLBJS-00029E-JT for xen-devel@lists.xenproject.org; Tue, 22 May 2018 17:43:06 +0000 X-Inumbo-ID: 519d1b21-5de7-11e8-9728-bc764e045a96 Received: from foss.arm.com (unknown [217.140.101.70]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTP id 519d1b21-5de7-11e8-9728-bc764e045a96; Tue, 22 May 2018 19:41:12 +0200 (CEST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0786115AD; Tue, 22 May 2018 10:43:05 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1D3483F589; Tue, 22 May 2018 10:43:03 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Tue, 22 May 2018 18:42:42 +0100 Message-Id: <20180522174254.27551-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180522174254.27551-1-julien.grall@arm.com> References: <20180522174254.27551-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH 01/13] xen/arm: domain: Zeroed the vCPU stack X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: andre.przywara@arm.com, Julien Grall , sstabellini@kernel.org MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" A stack is allocated per vCPU to be used by Xen. The allocation is done with alloc_xenheap_pages that does not zero the memory returned. However the top of the stack is containing information that will be used to store the initial state of the vCPU (see struct cpu_info). Some of the fields may not be initialized and will lead to use/leak bits of previous memory in some cases on the first run of vCPU (AFAICT this only happen on vCPU0 for Dom0). While this is not strictly necessary, this patch zero the full stack to avoid more leakage. This is part of XSA-263. Signed-off-by: Julien Grall --- xen/arch/arm/domain.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index ec0f042bf7..e7b33e92fb 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -540,6 +540,7 @@ void free_vcpu_struct(struct vcpu *v) int vcpu_initialise(struct vcpu *v) { int rc = 0; + unsigned int i; BUILD_BUG_ON( sizeof(struct cpu_info) > STACK_SIZE ); @@ -547,6 +548,9 @@ int vcpu_initialise(struct vcpu *v) if ( v->arch.stack == NULL ) return -ENOMEM; + for ( i = 0; i < (1U << STACK_ORDER); i++ ) + clear_page(v->arch.stack + (PAGE_SIZE * i)); + v->arch.cpu_info = (struct cpu_info *)(v->arch.stack + STACK_SIZE - sizeof(struct cpu_info));