kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a99b602ac2b8c237ced40a4769f19ed10f16288a
  2.   patches.suse
  3.   RDMA-qedr-Zero-stack-memory-before-copying-to-user-s.patch
Blob Blame History Raw 
From: Jason Gunthorpe <jgg@mellanox.com>
Date: Wed, 4 Apr 2018 20:58:13 -0600
Subject: RDMA/qedr: Zero stack memory before copying to user space
Patch-mainline: v4.17-rc1
Git-commit: 57939021e8f882d13a5263a9d682c64ae00c578d
References: bsc#1086314 FATE#324886 bsc#1086313 FATE#324885 bsc#1086301 FATE#3248881

The fact this struct was not init'd like all the others was missed when
the padding reserved field was added.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 71e80a4781af ("RDMA/qedr: Fix uABI structure layouts for 32/64 compat")
Acked-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 drivers/infiniband/hw/qedr/verbs.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -494,9 +494,9 @@ struct ib_pd *qedr_alloc_pd(struct ib_de
 	pd->pd_id = pd_id;
 
 	if (udata && context) {
-		struct qedr_alloc_pd_uresp uresp;
-
-		uresp.pd_id = pd_id;
+		struct qedr_alloc_pd_uresp uresp = {
+			.pd_id = pd_id,
+		};
 
 		rc = qedr_ib_copy_to_udata(udata, &uresp, sizeof(uresp));
 		if (rc) {
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.