RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 29 Jul 2013 19:19:14 +0000 (22:19 +0300)
committerRoland Dreier <roland@purestorage.com>
Tue, 30 Jul 2013 17:11:33 +0000 (10:11 -0700)
The "uresp.reserved" field isn't initialized on this path so it could
leak uninitialized stack information to the user.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
drivers/infiniband/hw/cxgb3/iwch_provider.c

index e87f2201b220673030ca18a3957642b623d065a7..d2283837d45168070707eba5ac11aab4c2fe9c5e 100644 (file)
@@ -226,6 +226,7 @@ static struct ib_cq *iwch_create_cq(struct ib_device *ibdev, int entries, int ve
                        mm->len = PAGE_ALIGN(((1UL << uresp.size_log2) + 1) *
                                             sizeof(struct t3_cqe));
                        uresp.memsize = mm->len;
+                       uresp.reserved = 0;
                        resplen = sizeof uresp;
                }
                if (ib_copy_to_udata(udata, &uresp, resplen)) {