rdma/cxgb4: fix some info leaks
In c4iw_create_qp() there are several struct members which potentially aren't inintialized like uresp.rq_key. I've fixed this code before in in commitae1fe07f3f
("RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()") so this time I'm just going to take a big hammer approach and memset the whole struct to zero. Hopefully, it will stay fixed this time. In c4iw_create_srq() we don't clear uresp.reserved. Fixes:6a0b6174d3
("rdma/cxgb4: Add support for kernel mode SRQ's") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Raju Rangoju <rajur@chelsio.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
This commit is contained in:
parent
0425e3e6e0
commit
8001b717f0
@ -2088,6 +2088,7 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs,
|
|||||||
goto err_free_sq_db_key;
|
goto err_free_sq_db_key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
memset(&uresp, 0, sizeof(uresp));
|
||||||
if (t4_sq_onchip(&qhp->wq.sq)) {
|
if (t4_sq_onchip(&qhp->wq.sq)) {
|
||||||
ma_sync_key_mm = kmalloc(sizeof(*ma_sync_key_mm),
|
ma_sync_key_mm = kmalloc(sizeof(*ma_sync_key_mm),
|
||||||
GFP_KERNEL);
|
GFP_KERNEL);
|
||||||
@ -2096,8 +2097,7 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs,
|
|||||||
goto err_free_rq_db_key;
|
goto err_free_rq_db_key;
|
||||||
}
|
}
|
||||||
uresp.flags = C4IW_QPF_ONCHIP;
|
uresp.flags = C4IW_QPF_ONCHIP;
|
||||||
} else
|
}
|
||||||
uresp.flags = 0;
|
|
||||||
uresp.qid_mask = rhp->rdev.qpmask;
|
uresp.qid_mask = rhp->rdev.qpmask;
|
||||||
uresp.sqid = qhp->wq.sq.qid;
|
uresp.sqid = qhp->wq.sq.qid;
|
||||||
uresp.sq_size = qhp->wq.sq.size;
|
uresp.sq_size = qhp->wq.sq.size;
|
||||||
@ -2111,8 +2111,6 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs,
|
|||||||
if (ma_sync_key_mm) {
|
if (ma_sync_key_mm) {
|
||||||
uresp.ma_sync_key = ucontext->key;
|
uresp.ma_sync_key = ucontext->key;
|
||||||
ucontext->key += PAGE_SIZE;
|
ucontext->key += PAGE_SIZE;
|
||||||
} else {
|
|
||||||
uresp.ma_sync_key = 0;
|
|
||||||
}
|
}
|
||||||
uresp.sq_key = ucontext->key;
|
uresp.sq_key = ucontext->key;
|
||||||
ucontext->key += PAGE_SIZE;
|
ucontext->key += PAGE_SIZE;
|
||||||
@ -2601,6 +2599,7 @@ struct ib_srq *c4iw_create_srq(struct ib_pd *pd, struct ib_srq_init_attr *attrs,
|
|||||||
ret = -ENOMEM;
|
ret = -ENOMEM;
|
||||||
goto err_free_srq_key_mm;
|
goto err_free_srq_key_mm;
|
||||||
}
|
}
|
||||||
|
memset(&uresp, 0, sizeof(uresp));
|
||||||
uresp.flags = srq->flags;
|
uresp.flags = srq->flags;
|
||||||
uresp.qid_mask = rhp->rdev.qpmask;
|
uresp.qid_mask = rhp->rdev.qpmask;
|
||||||
uresp.srqid = srq->wq.qid;
|
uresp.srqid = srq->wq.qid;
|
||||||
|
Loading…
Reference in New Issue
Block a user