authorUros Bizjak <ubizjak@gmail.com>2026-02-12 22:24:04 +0100
committerSean Christopherson <seanjc@google.com>2026-03-02 14:30:59 -0800
commite1df128dc00beaa53b0be4e751b7f2f0192dc146 (patch)
tree480388d6b976f26ad265cd7f7bd8c6b6295590c5
parent11439c4635edd669ae435eec308f4ab8a0804808 (diff)
KVM: x86: Zero-initialize temporary fxregs_state buffers in FXSAVE emulation
Explicitly zero-initialize stack-allocated struct fxregs_state variables in em_fxsave() and fxregs_fixup() to ensure all padding and unused fields are cleared before use. Both functions declare temporary fxregs_state buffers that may be partially written by fxsave. Although the emulator copies only the architecturally defined portion of the state to userspace, any padding or otherwise untouched bytes in the structure can remain uninitialized. This can lead to the use of uninitialized stack data and may trigger KMSAN reports. In the worst case, it could result in leaking stack contents if such bytes are ever exposed. No functional change intended. Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Uros Bizjak <ubizjak@gmail.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Thomas Gleixner <tglx@kernel.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Link: https://patch.msgid.link/20260212212457.24483-1-ubizjak@gmail.com Signed-off-by: Sean Christopherson <seanjc@google.com>
-rw-r--r--arch/x86/kvm/emulate.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index c8e292e9a24d..20ed588015f1 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3708,7 +3708,7 @@ static inline size_t fxstate_size(struct x86_emulate_ctxt *ctxt)
*/
static int em_fxsave(struct x86_emulate_ctxt *ctxt)
{
- struct fxregs_state fx_state;
+ struct fxregs_state fx_state = {};
int rc;
rc = check_fxsr(ctxt);
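Review bot: The new `struct fxregs_state fx_state = {};` carries no comment explaining why a buffer that fxsave overwrites a few lines later needs clearing, and the reason is not obvious from the code: FXSAVE does not write the software-available tail of the 512-byte image (bytes 464:511, and on my reading of the SDM the reserved bytes before them either), so those bytes otherwise keep whatever the host stack held. I would add above the declaration `/* fxsave leaves the reserved/software tail of the image untouched; zero it so no host stack data can reach the guest. */`. If fxstate_size() spans the full 512-byte image for a 64-bit guest (its body and the write to guest memory are outside this hunk), the pre-patch code copied those host stack bytes into guest memory, which makes this an information-leak fix rather than a no-functional-change cleanup and would justify a Fixes: tag and a stable backport; worth confirming before merge. The remainder of em_fxsave lies outside the hunk.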
@@ -3738,7 +3738,7 @@ static int em_fxsave(struct x86_emulate_ctxt *ctxt)
static noinline int fxregs_fixup(struct fxregs_state *fx_state,
const size_t used_size)
{
- struct fxregs_state fx_tmp;
+ struct fxregs_state fx_tmp = {};
int rc;
rc = asm_safe("fxsave %[fx]", , [fx] "+m"(fx_tmp));
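Review bot: The zero-initialization of fx_tmp in fxregs_fixup likewise deserves a one-line comment, since a reader sees a buffer filled by `fxsave` on the very next visible line and will wonder why clearing it matters; presumably the portion of fx_tmp later copied into fx_state beyond used_size includes bytes that FXSAVE never writes. Suggest `/* fxsave leaves the reserved tail of the image untouched; clear it so the copy below never reads uninitialized stack. */` above the declaration. That copy and the rest of fxregs_fixup are outside the hunk, so the wording should be checked against it.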