mshv_vtl_hvcall_call() copies only the user-provided input size.

It then passes the page to hv_do_hypercall().

For short inputs, stale bytes can remain in the bounce page.

Those bytes can be consumed by the hypervisor.

Allocate the input page zeroed, matching the output page.

Signed-off-by: Yousef Alhouseen <[email protected]>
---
 drivers/hv/mshv_vtl_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hv/mshv_vtl_main.c b/drivers/hv/mshv_vtl_main.c
index 0365d207c..f2633148c 100644
--- a/drivers/hv/mshv_vtl_main.c
+++ b/drivers/hv/mshv_vtl_main.c
@@ -1146,7 +1146,7 @@ static int mshv_vtl_hvcall_call(struct mshv_vtl_hvcall_fd 
*fd,
         *
         * TODO: Take care of this when CVM support is added.
         */
-       in = (void *)__get_free_page(GFP_KERNEL);
+       in = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
        out = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
        if (!in || !out) {
                ret = -ENOMEM;
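Review bot: on the changed allocation of "in", both pages now pass GFP_KERNEL | __GFP_ZERO, so get_zeroed_page(GFP_KERNEL) would state the intent more directly for "in" and "out" alike. The changelog carries no Fixes: tag naming the commit that introduced the unzeroed input page, which is what stable maintainers need to judge a backport. Consider also extending the comment block above the allocation to say that the input page is zeroed because only the user-provided length is copied into it, so the reason survives later refactoring.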
-- 
2.54.0

