@@ -1352,7 +1352,6 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_m
} mc_physcpuinfo;
uint32_t flags, cmdflags;
int nlcpu;
- xen_mc_logical_cpu_t *log_cpus = NULL;
mctelem_cookie_t mctc;
mctelem_class_t which;
unsigned int target;
@@ -1445,11 +1444,13 @@ long do_mca(XEN_GUEST_HANDLE_PARAM(xen_m
? !guest_handle_is_null(mc_physcpuinfo.nat->info)
: !compat_handle_is_null(mc_physcpuinfo.cmp->info) )
{
+ xen_mc_logical_cpu_t *log_cpus;
+
if ( mc_physcpuinfo.nat->ncpus <= 0 )
return x86_mcerr("do_mca cpuinfo: ncpus <= 0",
-EINVAL);
nlcpu = min(nlcpu, (int)mc_physcpuinfo.nat->ncpus);
- log_cpus = xmalloc_array(xen_mc_logical_cpu_t, nlcpu);
+ log_cpus = xzalloc_array(xen_mc_logical_cpu_t, nlcpu);
if ( log_cpus == NULL )
return x86_mcerr("do_mca cpuinfo", -ENOMEM);
on_each_cpu(do_mc_get_cpu_info, log_cpus, 1);
While HYPERVISOR_mca is a privileged operation, we still shouldn't leak stack contents (the tail of every array entry's mc_msrvalues[] of XEN_MC_physcpuinfo output). Simply use a zeroing allocation here. Take the occasion and also restrict the involved local variable's scope. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Jan Beulich <jbeulich@suse.com>