projects / linux-2.6-microblaze.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 109d19a)
RDMA/bnxt_re: Fix uninitialized struct bit field rsvd1
authorColin Ian King <colin.king@canonical.com>
Wed, 23 Jun 2021 18:24:37 +0000 (19:24 +0100)
committerJason Gunthorpe <jgg@nvidia.com>
Thu, 24 Jun 2021 12:16:42 +0000 (09:16 -0300)
The bit field rsvd1 in resp is not being initialized and garbage data is
being copied from the stack back to userspace via the ib_copy_to_udata
call. Fix this by setting the entire struct resp to zero; this will ensure
that further new bit fields in the future will be zero'd too.

Link: https://lore.kernel.org/r/20210623182437.163801-1-colin.king@canonical.com
Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: 879740517dab ("RDMA/bnxt_re: Update ABI to pass wqe-mode to user space")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
[jgg: remove extra zeroing]
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
drivers/infiniband/hw/bnxt_re/ib_verbs.c patch | blob | history

diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
index 5955713..283b6b8 100644 (file)
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -3844,7 +3844,7 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata)
                container_of(ctx, struct bnxt_re_ucontext, ib_uctx);
        struct bnxt_re_dev *rdev = to_bnxt_re_dev(ibdev, ibdev);
        struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr;
-       struct bnxt_re_uctx_resp resp;
+       struct bnxt_re_uctx_resp resp = {};
        u32 chip_met_rev_num = 0;
        int rc;
 
@@ -3872,15 +3872,12 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata)
        chip_met_rev_num |= ((u32)rdev->chip_ctx->chip_metal & 0xFF) <<
                             BNXT_RE_CHIP_ID0_CHIP_MET_SFT;
        resp.chip_id0 = chip_met_rev_num;
-       /* Future extension of chip info */
-       resp.chip_id1 = 0;
        /*Temp, Use xa_alloc instead */
        resp.dev_id = rdev->en_dev->pdev->devfn;
        resp.max_qp = rdev->qplib_ctx.qpc_count;
        resp.pg_size = PAGE_SIZE;
        resp.cqe_sz = sizeof(struct cq_base);
        resp.max_cqd = dev_attr->max_cq_wqes;
-       resp.rsvd    = 0;
 
        resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_MODE;
        resp.mode = rdev->chip_ctx->modes.wqe_mode;
MicroBlaze GIT Repository