On 14.01.2021 17:59, Roger Pau Monné wrote:
> On Thu, Jan 14, 2021 at 03:01:06PM +0100, Jan Beulich wrote:
>> The max_message_size field of the output gets filled only when the flags
>> field is non-zero. Don't copy back uninitialized data to guest context.
> 
> I'm afraid I'm missing something. AFAICT ent gets filled from the
> user-space contents of data_ent_hnd that's copied from user-space at
> the top of the function,

Oh, I managed to overlook this multiple times, so ...

> so there's no leak from hypervisor stack in
> the return path?

... yes indeed. Withdrawing the patch.

Thanks for noticing,
Jan