From: Eli Cohen <eli@dev.mellanox.co.il>
Date: Sun, 14 Sep 2014 13:47:52 +0000 (+0300)
Subject: IB/core: Avoid leakage from kernel to user space
X-Git-Tag: firefly_0821_release~3679^2~601
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3af9e9334102d7436bb509c8d3d99c695190c58f;p=firefly-linux-kernel-4.4.55.git

IB/core: Avoid leakage from kernel to user space

commit 377b513485fd885dea1083a9a5430df65b35e048 upstream.

Clear the reserved field of struct ib_uverbs_async_event_desc which is
copied to user space.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Reviewed-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 2c6f0f2ecd9d..949b38633496 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -460,6 +460,7 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
 
 	entry->desc.async.element    = element;
 	entry->desc.async.event_type = event;
+	entry->desc.async.reserved   = 0;
 	entry->counter               = counter;
 
 	list_add_tail(&entry->list, &file->async_file->event_list);