From patchwork Tue Jun 12 11:36:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 138325 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp5234953lji; Tue, 12 Jun 2018 04:39:30 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJKfOypDzqnJ2V/GQ499VyMx7YxqrhIMQYoKS3R1k8NrtkR0M/9x/WUBvuOJRrLjQ0BZgBV X-Received: by 2002:a24:5106:: with SMTP id s6-v6mr1559ita.134.1528803570734; Tue, 12 Jun 2018 04:39:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528803570; cv=none; d=google.com; s=arc-20160816; b=xgLK7aXglg7StBx6MSFpomLFBW4GcqPVC6VF82Tld0ee5BdJoGKnQKfc2Qm/H21cmc 3fB8dvwClsyh942NS8wDYjUB5AAhOYLiOXy8DhAyQY45UEbMooL/BYGPaflmXu/ZbTV0 bTStaA37wUJHSE7PIC8fuq93T07eU2VR6pwj6Cp7l/61XwNiyCk2oaBexqpTLKMhYamW yj+Aod+Xlra23k/aFGBes5OUwmm8/hyuxYEjcqYXLuFa5QJep3J+dKSQ2w80ZCRzbrW/ 8rJ9z8PFLP/5Ln+PWD8bBYFqKhdu59Hx16CmvHaDNkuzyHIftSTqP7eQAj1mK2R+tYH/ kQEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from :arc-authentication-results; bh=kGUvn+YzMUEs/mY6yuKz3mbCWZYR/jFVUUlNWXLx8nQ=; b=y6DXcJrU/gJIItckA+5v0reDkv+oo3npPKzr09+BxSTuJ4BUecu7WFhgxNrJE/35y3 jxANrPy9x0Vl91WOKjdGoVOd9+XNzAvFFPdKegy6eWPEGGE4C8JPeBbErTni0J3rzxEK dpQlZneCcnagFiqpV5QFkkghgwaJjtm/wszjVifFWZaNoLj0eK62SCc5u42rbtOSQ8mF iOMassQcBBYDaAv/1QlhdNYIa7bGaUO8gwgFEvGRJ4d1SFt+lqyKHdM/xlflClQu7QVX XULKoEha706E3qZgLR++iMJSWQLoi1bkXY2DbnFGMVrIoXp7ryEhDFJIvp+M7uHEvORL ry6g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id n2-v6si654642iob.275.2018.06.12.04.39.30 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 12 Jun 2018 04:39:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fShbZ-0000oJ-K7; Tue, 12 Jun 2018 11:36:53 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fShbX-0000nx-Re for xen-devel@lists.xenproject.org; Tue, 12 Jun 2018 11:36:51 +0000 X-Inumbo-ID: e8ee686d-6e34-11e8-bc1d-65256ead4e3a Received: from foss.arm.com (unknown [217.140.101.70]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTP id e8ee686d-6e34-11e8-bc1d-65256ead4e3a; Tue, 12 Jun 2018 11:36:56 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2FC6C1596; Tue, 12 Jun 2018 04:36:51 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 45D633F318; Tue, 12 Jun 2018 04:36:50 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Tue, 12 Jun 2018 12:36:31 +0100 Message-Id: <20180612113643.32020-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180612113643.32020-1-julien.grall@arm.com> References: <20180612113643.32020-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH v3 01/13] xen/arm: domain: Zero the per-vCPU cpu_info X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: andre.przywara@arm.com, Julien Grall , sstabellini@kernel.org MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" A stack is allocated per vCPU to be used by Xen. The allocation is done with alloc_xenheap_pages that does not zero the memory returned. However the top of the stack is containing information that will be used to store the initial state of the vCPU (see struct cpu_info). Some of the fields may not be initialized and will lead to use/leak bits of previous memory in some cases on the first run of vCPU (AFAICT this only happen on vCPU0 for Dom0). This is part of XSA-263. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v3: - Add stefano's reviewed-by Changes in v2: - Zero only cpu_info --- xen/arch/arm/domain.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index ec0f042bf7..5a2a9a6b83 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -550,6 +550,7 @@ int vcpu_initialise(struct vcpu *v) v->arch.cpu_info = (struct cpu_info *)(v->arch.stack + STACK_SIZE - sizeof(struct cpu_info)); + memset(v->arch.cpu_info, 0, sizeof(*v->arch.cpu_info)); memset(&v->arch.saved_context, 0, sizeof(v->arch.saved_context)); v->arch.saved_context.sp = (register_t)v->arch.cpu_info;