1 files changed, 7 insertions, 0 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3d27206f6c01..e67ecf25e690 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5116,6 +5116,13 @@ int kvm_read_guest_virt(struct kvm_vcpu *vcpu,
 {
        u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
+        /*
+         * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
+         * is returned, but our callers are not ready for that and they blindly
+         * call kvm_inject_page_fault.  Ensure that they at least do not leak
+         * uninitialized kernel stack memory into cr2 and error code.
+         */
+        memset(exception, 0, sizeof(*exception));
        return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
                                          exception);
 }

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3d27206f6c01..e67ecf25e690 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -5116,6 +5116,13 @@ int kvm_read_guest_virt(struct kvm_vcpu *vcpu,
5116	{	5116	{
5117	u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;	5117	u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
5118		5118
		5119	/*
		5120	* FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
		5121	* is returned, but our callers are not ready for that and they blindly
		5122	* call kvm_inject_page_fault. Ensure that they at least do not leak
		5123	* uninitialized kernel stack memory into cr2 and error code.
		5124	*/
		5125	memset(exception, 0, sizeof(*exception));
5119	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,	5126	return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
5120	exception);	5127	exception);
5121	}	5128	}