The linux kernel implementation for the virtio_net driver recently
gained support for virtio features above the 64th bit.
It relies on the hypervisor to clear the features data for unknown /
unsupported features range.
The current pci-modern implementation, in such scenario, leaves the
data memory untouched, which causes the guest kernel assuming "random"
features are supported (and possibly leaks host memory contents).
Explicitly clear the features data for unsupported range.
Reported-by: Cristian Marussi <cristian.marussi@xxxxxxx>
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
---
virtio/pci-modern.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/virtio/pci-modern.c b/virtio/pci-modern.c
index c5b4bc5..ef2f3e2 100644
--- a/virtio/pci-modern.c
+++ b/virtio/pci-modern.c
@@ -156,8 +156,10 @@ static bool virtio_pci__common_read(struct virtio_device *vdev,
ioport__write32(data, val);
break;
case VIRTIO_PCI_COMMON_DF:
- if (vpci->device_features_sel > 1)
+ if (vpci->device_features_sel > 1) {
+ ioport__write32(data, 0);
break;
+ }
features |= vdev->ops->get_host_features(vpci->kvm, vpci->dev);
val = features >> (32 * vpci->device_features_sel);
ioport__write32(data, val);
--
2.50.1
