[PATCH 3.14 078/122] IB/core: Clear AH attr variable to prevent garbage data

From: Greg Kroah-Hartman
Date: Wed Nov 19 2014 - 16:46:27 EST

3.14-stable review patch. If anyone has any objections, please let me know.


From: Devesh Sharma <devesh.sharma@xxxxxxxxxx>

commit 8b0f93d9490653a7b9fc91f3570089132faed1c0 upstream.

During create-ah from userspace, uverbs is sending garbage data in
attr.dmac and attr.vlan_id. This patch sets attr.dmac and
attr.vlan_id to zero.

Fixes: dd5f03beb4f7 ("IB/core: Ethernet L2 attributes in verbs/cm structures")
Signed-off-by: Devesh Sharma <devesh.sharma@xxxxxxxxxx>
Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/infiniband/core/uverbs_cmd.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2425,6 +2425,8 @@ ssize_t ib_uverbs_create_ah(struct ib_uv
attr.grh.sgid_index = cmd.attr.grh.sgid_index;
attr.grh.hop_limit = cmd.attr.grh.hop_limit;
attr.grh.traffic_class = cmd.attr.grh.traffic_class;
+ attr.vlan_id = 0;
+ memset(&attr.dmac, 0, sizeof(attr.dmac));
memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);

ah = ib_create_ah(pd, &attr);

