[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] argo: don't leak stack contents when returning ring info

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Thu, 14 Jan 2021 18:01:40 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>
Delivery-date: Thu, 14 Jan 2021 17:01:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.01.2021 17:59, Roger Pau Monné wrote:
> On Thu, Jan 14, 2021 at 03:01:06PM +0100, Jan Beulich wrote:
>> The max_message_size field of the output gets filled only when the flags
>> field is non-zero. Don't copy back uninitialized data to guest context.
> 
> I'm afraid I'm missing something. AFAICT ent gets filled from the
> user-space contents of data_ent_hnd that's copied from user-space at
> the top of the function,

Oh, I managed to overlook this multiple time, so ...

> so there's no leak from hypervisor stack in
> the return path?

... yes indeed. Withdrawing the patch.

Thanks for noticing,
Jan

References:
- [PATCH] argo: don't leak stack contents when returning ring info
  - From: Jan Beulich
- Re: [PATCH] argo: don't leak stack contents when returning ring info
  - From: Roger Pau Monné

Prev by Date: Re: [PATCH] argo: don't leak stack contents when returning ring info
Next by Date: Re: [PATCH v2 0/7] Rid W=1 warnings in Ethernet
Previous by thread: Re: [PATCH] argo: don't leak stack contents when returning ring info
Next by thread: [PATCH] common: don't require use of DOMID_SELF
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.