* [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext()
@ 2017-01-04 6:41 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2017-01-04 6:41 UTC (permalink / raw)
To: Adit Ranadive
Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock,
linux-rdma, kernel-janitors
We need to clear out the ->reserved member so we don't disclose
uninitialized stack information.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of ways to fix this... I just the most mindless one
because I can never guess what IB prefers. Feel free to fix it however
you feel is appropriate and give me a Reported-by tag.
diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
index 54891370d18a..c00c27f48f46 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
@@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev,
context->ctx_handle = resp->ctx_handle;
/* copy back to user */
+ memset(&uresp, 0, sizeof(uresp));
uresp.qp_tab_size = vdev->dsr->caps.max_qp;
ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));
if (ret) {
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext()
@ 2017-01-04 6:41 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2017-01-04 6:41 UTC (permalink / raw)
To: Adit Ranadive
Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock,
linux-rdma, kernel-janitors
We need to clear out the ->reserved member so we don't disclose
uninitialized stack information.
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of ways to fix this... I just the most mindless one
because I can never guess what IB prefers. Feel free to fix it however
you feel is appropriate and give me a Reported-by tag.
diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
index 54891370d18a..c00c27f48f46 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
@@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev,
context->ctx_handle = resp->ctx_handle;
/* copy back to user */
+ memset(&uresp, 0, sizeof(uresp));
uresp.qp_tab_size = vdev->dsr->caps.max_qp;
ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));
if (ret) {
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext()
[not found] ` <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
@ 2017-01-04 17:40 ` Adit Ranadive
0 siblings, 0 replies; 4+ messages in thread
From: Adit Ranadive @ 2017-01-04 17:40 UTC (permalink / raw)
To: Dan Carpenter
Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock,
linux-rdma-u79uwXL29TY76Z2rM5mHXA,
kernel-janitors-u79uwXL29TY76Z2rM5mHXA
On Wed, Jan 04, 2017 at 09:41:11AM +0300, Dan Carpenter wrote:
> We need to clear out the ->reserved member so we don't disclose
> uninitialized stack information.
>
> Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
> Signed-off-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
> ---
> There are a bunch of ways to fix this... I just the most mindless one
> because I can never guess what IB prefers. Feel free to fix it however
> you feel is appropriate and give me a Reported-by tag.
>
> diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> index 54891370d18a..c00c27f48f46 100644
> --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> @@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev,
> context->ctx_handle = resp->ctx_handle;
>
> /* copy back to user */
> + memset(&uresp, 0, sizeof(uresp));
> uresp.qp_tab_size = vdev->dsr->caps.max_qp;
> ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));
> if (ret) {
>
Thanks Dan! I'll add this to the other fixes to be sent out.
- Adit
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext()
@ 2017-01-04 17:40 ` Adit Ranadive
0 siblings, 0 replies; 4+ messages in thread
From: Adit Ranadive @ 2017-01-04 17:40 UTC (permalink / raw)
To: Dan Carpenter
Cc: VMware PV-Drivers, Doug Ledford, Sean Hefty, Hal Rosenstock,
linux-rdma-u79uwXL29TY76Z2rM5mHXA,
kernel-janitors-u79uwXL29TY76Z2rM5mHXA
On Wed, Jan 04, 2017 at 09:41:11AM +0300, Dan Carpenter wrote:
> We need to clear out the ->reserved member so we don't disclose
> uninitialized stack information.
>
> Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> There are a bunch of ways to fix this... I just the most mindless one
> because I can never guess what IB prefers. Feel free to fix it however
> you feel is appropriate and give me a Reported-by tag.
>
> diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> index 54891370d18a..c00c27f48f46 100644
> --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
> @@ -339,6 +339,7 @@ struct ib_ucontext *pvrdma_alloc_ucontext(struct ib_device *ibdev,
> context->ctx_handle = resp->ctx_handle;
>
> /* copy back to user */
> + memset(&uresp, 0, sizeof(uresp));
> uresp.qp_tab_size = vdev->dsr->caps.max_qp;
> ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));
> if (ret) {
>
Thanks Dan! I'll add this to the other fixes to be sent out.
- Adit
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-04 17:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-04 6:41 [patch] IB: vmw_pvrdma: info leak in pvrdma_alloc_ucontext() Dan Carpenter
2017-01-04 6:41 ` Dan Carpenter
[not found] ` <20170104064110.GA8957-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
2017-01-04 17:40 ` Adit Ranadive
2017-01-04 17:40 ` Adit Ranadive
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.