KVM: x86: zero base3 of unusable segments

rkrcmar · gregkh · commit 77d977dd78b3 · 2017-07-05T14:37:23.000+02:00
commit f0367ee1d64d27fa08be2407df5c125442e885e3 upstream. Static checker noticed that base3 could be used uninitialized if the segment was not present (useable). Random stack values probably would not pass VMCS entry checks. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 1aa3661 ("KVM: x86 emulator: consolidate segment accessors") Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
@@ -4844,6 +4844,8 @@ static bool emulator_get_segment(struct x86_emulate_ctxt *ctxt, u16 *selector,
 
 	if (var.unusable) {
 		memset(desc, 0, sizeof(*desc));
+		if (base3)
+			*base3 = 0;
 		return false;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -4844,6 +4844,8 @@ static bool emulator_get_segment(struct x86_emulate_ctxt ctxt, u16 selector,`
`4844`	`4844`
`4845`	`4845`	`if (var.unusable) {`
`4846`	`4846`	`memset(desc, 0, sizeof(*desc));`
	`4847`	`+ if (base3)`
	`4848`	`+ *base3 = 0;`
`4847`	`4849`	`return false;`
`4848`	`4850`	`}`
`4849`	`4851`