domctl/sysctl: don't leak hypervisor stack to toolstacks

This is CVE-2015-3340 / XSA-132.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 9450795bd2a5edf32ebc4a3559bc83143ae6356f..0b3d6782c664068545a46e1d9209338383a99973 100644 (file)
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -884,7 +884,7 @@ long arch_do_domctl(
 
     case XEN_DOMCTL_gettscinfo:
     {
-        xen_guest_tsc_info_t info;
+        xen_guest_tsc_info_t info = { 0 };
 
         ret = -EINVAL;
         if ( d == current->domain ) /* no domain_pause() */

diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index 70413cc5c9fb8208b65f43d7b904449185a3bafe..373c84e4d2b4e61dd386d7e280c4bc0cd8cb0883 100644 (file)
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -76,7 +76,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
     case XEN_SYSCTL_getdomaininfolist:
     { 
         struct domain *d;
-        struct xen_domctl_getdomaininfo info;
+        struct xen_domctl_getdomaininfo info = { 0 };
         u32 num_domains = 0;
 
         rcu_read_lock(&domlist_read_lock);