* [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext()
@ 2017-01-04 6:41 Dan Carpenter
[not found] ` <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2017-01-04 6:41 UTC (permalink / raw)
To: Adit Ranadive
Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock,
linux-rdma, kernel-janitors
We need to clear out the ->reserved member so we don't disclose
uninitialized stack information.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of ways to fix this... I just the most mindless one
because I can never guess what IB prefers. Feel free to fix it however
you feel is appropriate and give me a Reported-by tag.
diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
index 54891370d18a..c00c27f48f46 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
@@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev,
context->ctx_handle = resp->ctx_handle;
/* copy back to user */
+ memset(&uresp, 0, sizeof(uresp));
uresp.qp_tab_size = vdev->dsr->caps.max_qp;
ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));
if (ret) {
^ permalink raw reply related [flat|nested] 2+ messages in thread[parent not found: <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>]
* Re: [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext() [not found] ` <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org> @ 2017-01-04 17:40 ` Adit Ranadive 0 siblings, 0 replies; 2+ messages in thread From: Adit Ranadive @ 2017-01-04 17:40 UTC (permalink / raw) To: Dan Carpenter Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock, linux-rdma-u79uwXL29TY76Z2rM5mHXA, kernel-janitors-u79uwXL29TY76Z2rM5mHXA On Wed, Jan 04, 2017 at 09:41:11AM +0300, Dan Carpenter wrote: > We need to clear out the ->reserved member so we don't disclose > uninitialized stack information. > > Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver") > Signed-off-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> > --- > There are a bunch of ways to fix this... I just the most mindless one > because I can never guess what IB prefers. Feel free to fix it however > you feel is appropriate and give me a Reported-by tag. > > diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c > index 54891370d18a..c00c27f48f46 100644 > --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c > +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c > @@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev, > context->ctx_handle = resp->ctx_handle; > > /* copy back to user */ > + memset(&uresp, 0, sizeof(uresp)); > uresp.qp_tab_size = vdev->dsr->caps.max_qp; > ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp)); > if (ret) { > Thanks Dan! I'll add this to the other fixes to be sent out. - Adit -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-01-04 17:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-04 6:41 [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext() Dan Carpenter
[not found] ` <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
2017-01-04 17:40 ` Adit Ranadive
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox