On Mon, 21 Jan 2019 at 10:42, Philippe Mathieu-Daudé <phi...@redhat.com> wrote:
>
> On 1/18/19 7:36 PM, Peter Maydell wrote:
> > In virtio_balloon_get_config() we initialize a struct virtio_balloon_config
> > which we then copy to guest memory. However, the local variable is not
> > zero initialized. This works OK at the moment because we initialize
> > all the fields in it; however an upcoming kernel header change will
> > add some new fields. If we don't zero out the whole struct then we
> > will start leaking a small amount of the contents of QEMU's stack
> > to the guest as soon as we update linux-headers/ to a set of headers
> > that includes the new fields.
>
> Is it worth Cc'ing qemu-stable@?

Good idea, that will avoid possible future problems if we backport
a headers change to stable. I'll apply this to master directly.

thanks
-- PMM
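
The leak discussed in this thread, as an added example that is not part of the original messages or of QEMU's code: a struct gains fields after a header update, and code that only assigns the fields it knows about copies stale memory out with them. `struct demo_config`, its `added_a`/`added_b` fields and the function names are hypothetical, and the 0xAA fill is a constructed stand-in for old stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a config struct after a header update
 * appended two fields that the filling code does not know about yet. */
struct demo_config {
    uint32_t num_pages;
    uint32_t actual;
    uint32_t added_a;   /* hypothetical new field */
    uint32_t added_b;   /* hypothetical new field */
};

/* Pre-update pattern: assign only the known fields. */
static void fill_fields_only(struct demo_config *c)
{
    c->num_pages = 16;
    c->actual = 8;
}

/* Hardened pattern: zero the whole struct first, then assign. */
static void fill_zeroed(struct demo_config *c)
{
    memset(c, 0, sizeof(*c));
    fill_fields_only(c);
}

/* Build the config in storage pre-filled with 0xAA (constructed stand-in
 * for stale stack contents), copy it out as a device model would, and
 * count how many stale bytes reach the output buffer. */
static size_t stale_bytes_copied(void (*fill)(struct demo_config *))
{
    struct demo_config cfg;
    uint8_t out[sizeof(cfg)];
    size_t i, n = 0;

    memset(&cfg, 0xAA, sizeof(cfg));
    fill(&cfg);
    memcpy(out, &cfg, sizeof(cfg));
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == 0xAA);
    return n;
}

int main(void)
{
    printf("fields only:  %zu stale bytes\n", stale_bytes_copied(fill_fields_only));
    printf("zeroed first: %zu stale bytes\n", stale_bytes_copied(fill_zeroed));
    return 0;
}
```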