2020-06-09 08:46:58

by Xidong Wang

Subject: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace

From: xidongwang <[email protected]>

ib_uverbs_create_ah() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.

Signed-off-by: xidongwang <[email protected]>
---
drivers/infiniband/core/uverbs_cmd.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index b48b3f6..04861e6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2481,6 +2481,7 @@ static int ib_uverbs_create_ah(struct uverbs_attr_bundle *attrs)
uobj->user_handle = cmd.user_handle;
uobj->object = ah;

+ memset(&resp, 0, sizeof(resp));
resp.ah_handle = uobj->id;

ret = uverbs_response(attrs, &resp, sizeof(resp));
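Review bot: The memset() placed before `resp.ah_handle = uobj->id` is only justified if resp has members or padding other than ah_handle, and neither this hunk nor the changelog says which bytes would reach uverbs_response() unset. Name the uninitialized members (or padding) in the commit message. Since the declaration of resp is outside this hunk, also consider zero-initializing it there (`= {}`) instead of clearing it here, so any other path that reaches uverbs_response() is covered too. The changelog speaks of "structs" while only resp is touched, and it carries no Fixes: tag pointing at the commit that introduced the leak.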
--
2.7.4


2020-06-09 09:26:48

by Gal Pressman

Subject: Re: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace

On 09/06/2020 11:40, Xidong Wang wrote:
> From: xidongwang <[email protected]>
>
> ib_uverbs_create_ah() may copy stack allocated
> structs to userspace without initializing all members of these
> structs. Clear out this memory to prevent information leaks.

Which members are not initialized?