Drivers: hv: vmbus: Initialize memory to be sent to the host

__vmbus_open() and vmbus_teardown_gpadl() do not inizialite the memory
for the vmbus_channel_open_channel and the vmbus_channel_gpadl_teardown
objects they allocate respectively.  These objects contain padding bytes
and fields that are left uninitialized and that are later sent to the
host, potentially leaking guest data.  Zero initialize such fields to
avoid leaking sensitive information to the host.

Reported-by: Juan Vazquez <juvazq@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20201209070827.29335-2-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>

diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 0d63862d655181bcf65572fde27796ff3d1313c6..9aa789e5f22bb908401f5fd4d6de55c9b17aebbe 100644 (file)
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
@@ -621,7 +621,7 @@ static int __vmbus_open(struct vmbus_channel *newchannel,
                goto error_clean_ring;
 
        /* Create and init the channel open message */
-       open_info = kmalloc(sizeof(*open_info) +
+       open_info = kzalloc(sizeof(*open_info) +
                           sizeof(struct vmbus_channel_open_channel),
                           GFP_KERNEL);
        if (!open_info) {
@@ -748,7 +748,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
        unsigned long flags;
        int ret;
 
-       info = kmalloc(sizeof(*info) +
+       info = kzalloc(sizeof(*info) +
                       sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
        if (!info)
                return -ENOMEM;