| Message ID | 20180605152303.14450-2-julien.grall@arm.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | xen/arm: SSBD (aka Spectre-v4) mitigation (XSA-263) | expand |
On Tue, 5 Jun 2018, Julien Grall wrote: > A stack is allocated per vCPU to be used by Xen. The allocation is done > with alloc_xenheap_pages that does not zero the memory returned. However > the top of the stack is containing information that will be used to > store the initial state of the vCPU (see struct cpu_info). Some of the > fields may not be initialized and will lead to use/leak bits of previous > memory in some cases on the first run of vCPU (AFAICT this only happen on > vCPU0 for Dom0). > > This is part of XSA-263. > > Signed-off-by: Julien Grall <julien.grall@arm.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > --- > Changes in v2: > - Zero only cpu_info > --- > xen/arch/arm/domain.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c > index ec0f042bf7..5a2a9a6b83 100644 > --- a/xen/arch/arm/domain.c > +++ b/xen/arch/arm/domain.c > @@ -550,6 +550,7 @@ int vcpu_initialise(struct vcpu *v) > v->arch.cpu_info = (struct cpu_info *)(v->arch.stack > + STACK_SIZE > - sizeof(struct cpu_info)); > + memset(v->arch.cpu_info, 0, sizeof(*v->arch.cpu_info)); > > memset(&v->arch.saved_context, 0, sizeof(v->arch.saved_context)); > v->arch.saved_context.sp = (register_t)v->arch.cpu_info; > -- > 2.11.0 >
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index ec0f042bf7..5a2a9a6b83 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -550,6 +550,7 @@ int vcpu_initialise(struct vcpu *v) v->arch.cpu_info = (struct cpu_info *)(v->arch.stack + STACK_SIZE - sizeof(struct cpu_info)); + memset(v->arch.cpu_info, 0, sizeof(*v->arch.cpu_info)); memset(&v->arch.saved_context, 0, sizeof(v->arch.saved_context)); v->arch.saved_context.sp = (register_t)v->arch.cpu_info;
A stack is allocated per vCPU to be used by Xen. The allocation is done with alloc_xenheap_pages that does not zero the memory returned. However the top of the stack is containing information that will be used to store the initial state of the vCPU (see struct cpu_info). Some of the fields may not be initialized and will lead to use/leak bits of previous memory in some cases on the first run of vCPU (AFAICT this only happen on vCPU0 for Dom0). This is part of XSA-263. Signed-off-by: Julien Grall <julien.grall@arm.com> --- Changes in v2: - Zero only cpu_info --- xen/arch/arm/domain.c | 1 + 1 file changed, 1 insertion(+)