[PATCH 3.4 153/172] IB/core: Avoid leakage from kernel to user space

From: lizf
Date: Tue Jun 16 2015 - 04:59:16 EST

From: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>

3.4.108-rc1 review patch. If anyone has any objections, please let me know.


commit 377b513485fd885dea1083a9a5430df65b35e048 upstream.

Clear the reserved field of struct ib_uverbs_async_event_desc which is
copied to user space.

Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
Reviewed-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Signed-off-by: Zefan Li <lizefan@xxxxxxxxxx>
drivers/infiniband/core/uverbs_main.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 604556d..5b51e4e 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -451,6 +451,7 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,

entry->desc.async.element = element;
entry->desc.async.event_type = event;
+ entry->desc.async.reserved = 0;
entry->counter = counter;

list_add_tail(&entry->list, &file->async_file->event_list);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/