* [patch] RDMA/cxgb4: stack info leak in c4iw_create_qp()
@ 2013-07-25 16:48 Dan Carpenter
[not found] ` <20130725164832.GA7026-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2013-07-25 16:48 UTC (permalink / raw)
To: Steve Wise
Cc: Roland Dreier, Sean Hefty, Hal Rosenstock, linux-rdma,
kernel-janitors
"uresp.ma_sync_key" doesn't get set on this path so we leak 8 bytes of
data.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c
index 2320404..a4975e1 100644
--- a/drivers/infiniband/hw/cxgb4/qp.c
+++ b/drivers/infiniband/hw/cxgb4/qp.c
@@ -1657,6 +1657,8 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs,
if (mm5) {
uresp.ma_sync_key = ucontext->key;
ucontext->key += PAGE_SIZE;
+ } else {
+ uresp.ma_sync_key = 0;
}
uresp.sq_key = ucontext->key;
ucontext->key += PAGE_SIZE;
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-07-25 18:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-25 16:48 [patch] RDMA/cxgb4: stack info leak in c4iw_create_qp() Dan Carpenter
[not found] ` <20130725164832.GA7026-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
2013-07-25 18:40 ` Steve Wise
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox