Re: [PATCH][next][V2] RDMA/bnxt_re: Fix uninitialized struct bit field rsvd1

From: Jason Gunthorpe
Date: Thu Jun 24 2021 - 08:30:02 EST

Next message: Odin Ugedal: "Re: FAIL: Test report for kernel 5.13.0-rc6 (mainline.kernel.org, cba5e972)"
Previous message: Johan Hovold: "Re: [PATCH] tty: serial: owl: Fix data race in owl_uart_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 23, 2021 at 07:24:37PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The bit field rsvd1 in resp is not being initialized and garbage data
> is being copied from the stack back to userspace via the ib_copy_to_udata
> call. Fix this by setting the entire struct resp to zero; this will ensure
> that further new bit fields in the future will be zero'd too.
>
> Addresses-Coverity: ("Uninitialized scalar variable")
> Fixes: 879740517dab ("RDMA/bnxt_re: Update ABI to pass wqe-mode to user space")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
>
> V2: set entire struct resp to zero rather than the new field. Thanks to
> Jason Gunthorpe for suggesting this improved fix.
>
> ---
> drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Applied to for-next, thanks

I amended it to remove the now redundant = 0's.

Jason

Next message: Odin Ugedal: "Re: FAIL: Test report for kernel 5.13.0-rc6 (mainline.kernel.org, cba5e972)"
Previous message: Johan Hovold: "Re: [PATCH] tty: serial: owl: Fix data race in owl_uart_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]