[PATCH net v3 1/7] net/sched: act_gate: zero-initialize netlink dump struct

Next message: Peter Zijlstra: "Re: [RFC][PATCH 4/4] futex: Convert to compiler context analysis"
Previous message: Mark Brown: "Re: request_irq() usage in wm8350_register_irq()."
In reply to: Paul Moses: "[PATCH net v3 0/7] net/sched: act_gate RCU schedule update fixes"
Next in thread: Eric Dumazet: "Re: [PATCH net v3 1/7] net/sched: act_gate: zero-initialize netlink dump struct"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paul Moses

Date: Wed Jan 21 2026 - 08:39:23 EST

Zero-initialize the dump struct before selective assignment to avoid
leaking stack padding in netlink replies. This matches other actions
(e.g. act_connmark) that zero-init their dump structs.

Fixes: a51c328df310 ("net: qos: introduce a gate control flow action")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Paul Moses <p@xxxxxxx>
---
net/sched/act_gate.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/sched/act_gate.c b/net/sched/act_gate.c
index c1f75f2727576..aacd57e5f4374 100644
--- a/net/sched/act_gate.c
+++ b/net/sched/act_gate.c
@@ -499,16 +499,16 @@ static int tcf_gate_dump(struct sk_buff *skb, struct tc_action *a,
{
unsigned char *b = skb_tail_pointer(skb);
struct tcf_gate *gact = to_gate(a);
- struct tc_gate opt = {
- .index = gact->tcf_index,
- .refcnt = refcount_read(&gact->tcf_refcnt) - ref,
- .bindcnt = atomic_read(&gact->tcf_bindcnt) - bind,
- };
+ struct tc_gate opt = { };
struct tcfg_gate_entry *entry;
struct tcf_gate_params *p;
struct nlattr *entry_list;
struct tcf_t t;

+ opt.index = gact->tcf_index;
+ opt.refcnt = refcount_read(&gact->tcf_refcnt) - ref;
+ opt.bindcnt = atomic_read(&gact->tcf_bindcnt) - bind;
+
spin_lock_bh(&gact->tcf_lock);
opt.action = gact->tcf_action;

--
2.52.GIT