author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-07-29 21:19:14 +0200 |
---|---|---|
committer | Roland Dreier <roland@purestorage.com> | 2013-07-30 19:11:33 +0200 |
commit | 246fcdbc9d6c7ee1b12e299427efbc2ab49e40b5 (patch) | |
tree | 57c31c53260fb1e1a8aa98277fe4c61c9695f8bc | |
parent | Linux 3.11-rc2 (diff) | |
RDMA/cxgb3: Fix stack info leak in iwch_create_cq()

The "uresp.reserved" field isn't initialized on this path so it could
leak uninitialized stack information to the user.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>

-rw-r--r-- | drivers/infiniband/hw/cxgb3/iwch_provider.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/infiniband/hw/cxgb3/iwch_provider.c b/drivers/infiniband/hw/cxgb3/iwch_provider.c index e87f2201b220..d2283837d451 100644 --- a/drivers/infiniband/hw/cxgb3/iwch_provider.c +++ b/drivers/infiniband/hw/cxgb3/iwch_provider.c @@ -226,6 +226,7 @@ static struct ib_cq *iwch_create_cq(struct ib_device *ibdev, int entries, int ve mm->len = PAGE_ALIGN(((1UL << uresp.size_log2) + 1) * sizeof(struct t3_cqe)); uresp.memsize = mm->len; + uresp.reserved = 0; resplen = sizeof uresp; } if (ib_copy_to_udata(udata, &uresp, resplen)) { |
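
Review bot: The added `uresp.reserved = 0;` just before `resplen = sizeof uresp;` clears a single named field, but `ib_copy_to_udata(udata, &uresp, resplen)` then copies the full `sizeof uresp` bytes to user space, so any compiler padding in the struct, or any field added to the response later, would go out uninitialized again. Zeroing the whole struct once where it is declared (the declaration is outside this hunk), for example with `memset(&uresp, 0, sizeof uresp);`, would cover this path and every other path that reaches the copy, and would make the per-field assignment unnecessary.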