Information leaks through I/O instruction emulation

Insufficient or missing error handling in certain routines dealing with guest memory reads can lead to uninitialized data on the hypervisor stack (potentially containing sensitive data from prior work the hypervisor performed) being copied to guest-visible storage.

This allows a malicious HVM guest to craft certain operations (namely, but not limited to, port or memory mapped I/O writes) involving physical or virtual addresses that have no actual memory associated with them, so that hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest.

improper error handling (ignore error)

x86: properly handle hvm_copy_from_guest_{phys,virt}() errors

Ignoring them generally implies using uninitialized data and, in all cases dealt with here, potentially leaking hypervisor stack contents to guests.

add some error handling code
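
The pattern behind the fix, as an added example that is not Xen code: a toy emulated port write whose source operand comes from guest memory, once with the copy error ignored and once with it checked. `copy_from_guest`, `emulate_outs_*`, `io_port_latch` and the `stale` parameter (which models leftover stack contents, so the demo never reads truly uninitialized memory) are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the guest owns one 16-byte region at GUEST_BASE. */
#define GUEST_BASE 0x1000u
static uint8_t guest_ram[16] = "guest-data-0123";
static uint32_t io_port_latch;   /* guest-visible destination of the write */

/* Hypothetical stand-in for hvm_copy_from_guest_phys(): on failure it
 * returns non-zero and leaves buf untouched. */
static int copy_from_guest(void *buf, uint32_t gpa, size_t len)
{
    if (gpa < GUEST_BASE || gpa - GUEST_BASE + len > sizeof(guest_ram))
        return -1;               /* no memory behind this address */
    memcpy(buf, guest_ram + (gpa - GUEST_BASE), len);
    return 0;
}

/* Before the fix: the copy result is dropped, so on failure "data" still
 * holds whatever was in that stack slot and is handed to the guest. */
static int emulate_outs_unchecked(uint32_t gpa, uint32_t stale)
{
    uint32_t data = stale;       /* real code: uninitialized local */
    (void)copy_from_guest(&data, gpa, sizeof(data));
    io_port_latch = data;
    return 0;
}

/* After the fix: a failed copy fails the emulation; nothing is written. */
static int emulate_outs_checked(uint32_t gpa, uint32_t stale)
{
    uint32_t data = stale;
    if (copy_from_guest(&data, gpa, sizeof(data)) != 0)
        return -1;
    io_port_latch = data;
    return 0;
}

int main(void)
{
    emulate_outs_unchecked(0x9000u, 0xDEADBEEFu);   /* unbacked address */
    printf("unchecked: latch=0x%08x\n", (unsigned)io_port_latch);
    io_port_latch = 0;
    int rc = emulate_outs_checked(0x9000u, 0xDEADBEEFu);
    printf("checked: rc=%d latch=0x%08x\n", rc, (unsigned)io_port_latch);
    return 0;
}
```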

A malicious HVM guest might be able to read sensitive data relating to other guests.

information leak