Message ID | 20170518173732.12185-3-rkrcmar@redhat.com (mailing list archive) |
---|---|
State | New, archived |
On 18.05.2017 19:37, Radim Krčmář wrote: > Static checker noticed that base3 could be used uninitialized if the > segment was not present (useable). Random stack values probably would > not pass VMCS entry checks. > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Fixes: 1aa366163b8b ("KVM: x86 emulator: consolidate segment accessors") > Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> > --- > arch/x86/kvm/x86.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index b54125b590e8..eed8272dd52e 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -5053,6 +5053,8 @@ static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector, > > if (var.unusable) { > memset(desc, 0, sizeof(*desc)); > + if (base3) > + *base3 = 0; > return false; > } > > Reviewed-by: David Hildenbrand <david@redhat.com>
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b54125b590e8..eed8272dd52e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5053,6 +5053,8 @@ static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector, if (var.unusable) { memset(desc, 0, sizeof(*desc)); + if (base3) + *base3 = 0; return false; }
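Review bot: the new `*base3 = 0` in the `if (var.unusable)` branch covers only this one early return, so base3 is still only as initialized as each exit path makes it. Consider zeroing `*base3` under the same `if (base3)` guard once at the top of emulator_get_segment(), so that any return path not visible in this hunk is covered as well and the out-parameter never depends on which branch was taken. The commit message describes the case as "not present (useable)" while the condition tested here is `var.unusable`; using "unusable" in the message would match the code. Since the function returns false on this path, callers should still be checking the return value rather than consuming base3 after a failed lookup.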
Static checker noticed that base3 could be used uninitialized if the segment was not present (useable). Random stack values probably would not pass VMCS entry checks.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 1aa366163b8b ("KVM: x86 emulator: consolidate segment accessors")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
---
arch/x86/kvm/x86.c | 2 ++
1 file changed, 2 insertions(+)