Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp338577ybg;
        Tue, 9 Jun 2020 01:46:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw6W9MQ9QP6ljq0j07XKLaw7REeZF6WhsCe3nTYNhip/qkDMJV2KkxnJaSTWd3+9F3X/SZ8
X-Received: by 2002:a17:906:fb19:: with SMTP id lz25mr25496706ejb.349.1591692418233;
        Tue, 09 Jun 2020 01:46:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591692418; cv=none;
        d=google.com; s=arc-20160816;
        b=mlYSzQx0XlMVyvRTEp14jinA5Crsn7wUQPYpS2+ZvKyK14zR6yYdFadlH8/8KuzsDW
         cJhl7E6akHQ6XhotnGasd6CN+CTrjzTOOx6iu1EG7kGwVcaOVEUH4X5GdTsGXhftGzNi
         y+MxQcG/DePDaRYvl7fohwYq/jYwjq6s4mFhe+0RrBvZBdmKa/wFH5i9sX4AzvW1VieR
         I8q8usiJxnsmxdi0vDfeuc8NMfbXpF3UTMPO3JveO5FNncl4LnsC0qH70ewyR0aEWhMh
         +yXNh5EXa/2L0V9b98jlM9/WAlzak5Fn3JQFqp6VapL1vcMgbb/07OzEYMLIp5pEKWpa
         Btxw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:to:from
         :dkim-signature;
        bh=BNhmRuSCkW+4oswIR2IkTvF4T2FFDKrw3MSrNCdlxZs=;
        b=DUJxhdFqXj1LY4zYUaCtjnHDfGr88ICYUI9oymXDupHNIIaBzMBCaqlyODamrQyLiq
         cvH8loXpo5qNIo3xn7HJML/Km18xau9M/dyDSGLwlAs6iOJ0PpYfjMIaITO1ajUXcnpI
         hCtGpT539XLxnjUQpUZqRiD9eNMLh31+51quUSJYNLqR1XyKgFfm71OzhvdT2YGv1PqE
         O8lxh4CQI4d33nElIfsk695+6IclyVrxGlV9ECVRH6yzmFnQkVRHlvJdN7rEyqam3RgO
         wO3VnHDRMpQEuRiuhMm33BUtB3p6j9cgUuxxsAXvvFK1BJdIlmlnvLwW0V0z+nZb9MR/
         PX7A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=eBbibN2N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id i1si7475492ejr.634.2020.06.09.01.46.35;
        Tue, 09 Jun 2020 01:46:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=eBbibN2N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728105AbgFIIlP (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Tue, 9 Jun 2020 04:41:15 -0400
Received: from mail-m971.mail.163.com ([123.126.97.1]:35246 "EHLO
        mail-m971.mail.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726463AbgFIIlO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Jun 2020 04:41:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
        s=s110527; h=From:Subject:Date:Message-Id; bh=BNhmRuSCkW+4oswIR2
        IkTvF4T2FFDKrw3MSrNCdlxZs=; b=eBbibN2N0j6pkfvQeNqpVvWONEZKTM00+K
        YU9uuI8TV5Ne27Ut65NFO1YXusomrSijHKeCJJ84mrYSGpwVqFmDmJ0PM6XriPmO
        ZBU7VF6N18H4qkGIfgG0B3i/Nvl2i+v83B7UeBDQJEV8x9OsvX7PPpjxXV3k/cZh
        sHyL/qDU4=
Received: from ubuntu.localdomain (unknown [123.8.233.176])
        by smtp1 (Coremail) with SMTP id GdxpCgA3svUbS99evuGdCA--.8544S3;
        Tue, 09 Jun 2020 16:41:03 +0800 (CST)
From:   Xidong Wang <wangxidong_97@163.com>
To:     Xidong Wang <wangxidong_97@163.com>,
        Doug Ledford <dledford@redhat.com>,
        Jason Gunthorpe <jgg@ziepe.ca>,
        Yishai Hadas <yishaih@mellanox.com>,
        Leon Romanovsky <leon@kernel.org>,
        Max Gurtovoy <maxg@mellanox.com>,
        Maor Gottlieb <maorg@mellanox.com>, linux-rdma@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] RDMA/core: Don't copy uninitialized stack memory to userspace
Date:   Tue,  9 Jun 2020 01:40:57 -0700
Message-Id: <1591692057-46380-1-git-send-email-wangxidong_97@163.com>
X-Mailer: git-send-email 2.7.4
X-CM-TRANSID: GdxpCgA3svUbS99evuGdCA--.8544S3
X-Coremail-Antispam: 1Uf129KBjvdXoW7XFy3GFWUGFWfXw47AF13Jwb_yoWfWrb_ur
        nYq3WxWr1UCFn2kry3CF4fXrZIqw45uw1fWan3tw15A345J3Zxu3s2qFn5uw45ur42kF98
        Ar9xt34kWrs0kjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUUKsj5UUUUU==
X-Originating-IP: [123.8.233.176]
X-CM-SenderInfo: pzdqw5xlgr0wrbzxqiywtou0bp/xtbBFR8+81Xlk8TEOQAAsd
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: xidongwang <wangxidong_97@163.com>

ib_uverbs_create_ah() may copy stack allocated
structs to userspace without initializing all members of these
structs. Clear out this memory to prevent information leaks.

Signed-off-by: xidongwang <wangxidong_97@163.com>
---
 drivers/infiniband/core/uverbs_cmd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index b48b3f6..04861e6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2481,6 +2481,7 @@ static int ib_uverbs_create_ah(struct uverbs_attr_bundle *attrs)
 	uobj->user_handle = cmd.user_handle;
 	uobj->object = ah;
 
+	memset(&resp, 0, sizeof(resp));
 	resp.ah_handle = uobj->id;
 
 	ret = uverbs_response(attrs, &resp, sizeof(resp));
-- 
2.7.4