[PATCH 3.12 024/155] IB/core: Avoid leakage from kernel to user space

From: Jiri Slaby
Date: Tue Apr 07 2015 - 09:26:28 EST

From: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>

3.12-stable review patch. If anyone has any objections, please let me know.


commit 377b513485fd885dea1083a9a5430df65b35e048 upstream.

Clear the reserved field of struct ib_uverbs_async_event_desc which is
copied to user space.

Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
Reviewed-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
drivers/infiniband/core/uverbs_main.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 2df31f68ea09..849c9dc7d1f6 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -473,6 +473,7 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,

entry->desc.async.element = element;
entry->desc.async.event_type = event;
+ entry->desc.async.reserved = 0;
entry->counter = counter;

list_add_tail(&entry->list, &file->async_file->event_list);

