Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp3207503ybh;
        Sat, 25 Jul 2020 15:07:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwuZk5WFiOCz0R56it4mpHBCpm1f4VeexsGNvKk6LyGzBAF/FAE2/gRk4XXwXYsv2Lw1mPH
X-Received: by 2002:aa7:c54e:: with SMTP id s14mr15135181edr.81.1595714852090;
        Sat, 25 Jul 2020 15:07:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1595714852; cv=none;
        d=google.com; s=arc-20160816;
        b=ddpd1DKYQcAkvXXKcc/SVqx7G5fOt5TJyomfVLhDVQMF/KPWBB40YcDBBYwHeMlEz4
         i3HVLGwugP4yJ6qlQTB7YP0guoB2B0oaWQCQoFu8qHE0A8VJpdxqoRciaaapCbWAta7a
         LkkSYsCD3qD90W+01KRruhHe0AHfN6Vpz4ekGp4gmmH55z3c6T0IYkZ693GQ/TLW73tw
         25PNcE4yLiWMlWZAy9x/NeBN8MX4e6MMldMxuDAhy/neyZQ+AkKPClRFsQ0PEw1REyu2
         b36GQewkfoXIUlISrF2yq453SGXxgVBj8uvyRCEZdf1m4vkt12LQpp98g1gvi8MUziKc
         Q88g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=ORj8ts7tAGRiEo5hGbERimOD2nuQgJZB1dWj3IpTlc4=;
        b=nlKYWgahsAHuaeF2rjNpw5lZAqMEB+iSfv+yHFqowEXFoR6duHNikKbmreljZSBxUW
         itAdl+SbVmhMH5B9vGhc5N2EvmqzY4nGp5G7iB+bF0IMcWadIeW7Ahs7gkon7zg+GSKx
         JVlgI8E4Kiva98u/szcxx5avLEVSiHbaV6AFdqAYJbB+6oNPHLxgj+UjE8KoCT/ZH7cv
         xbARr9636Gdqps9DQuco7J64aHvB6ZkT3UrgJ/QtRN6s7h7C25L4oPXWCk0M9ZdoRDQk
         R+bqe4XzW1B8W8NBm1DwTGvpfoHMkaqPGybVCP7IRdw2slKIfZWlEem+l7kUE8593z8Q
         eSlw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TA5BzKw5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a12si3243422edf.4.2020.07.25.15.06.34;
        Sat, 25 Jul 2020 15:07:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TA5BzKw5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727801AbgGYWFB (ORCPT <rfc822;peterpeng024@gmail.com>
        + 99 others); Sat, 25 Jul 2020 18:05:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58172 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726926AbgGYWFA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 25 Jul 2020 18:05:00 -0400
Received: from mail-qt1-x842.google.com (mail-qt1-x842.google.com [IPv6:2607:f8b0:4864:20::842])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6169CC08C5C0;
        Sat, 25 Jul 2020 15:04:59 -0700 (PDT)
Received: by mail-qt1-x842.google.com with SMTP id v22so3665638qtq.8;
        Sat, 25 Jul 2020 15:04:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=ORj8ts7tAGRiEo5hGbERimOD2nuQgJZB1dWj3IpTlc4=;
        b=TA5BzKw5Fy2VrqhNGS5adDNkjAMk2Ozonbl6X+CNDcQBSjU8dH70YBm/mgJxQZDeEU
         mTtYJLs0Wi3OI/09FXhe4itg8dg0Z8VtmBfOqAsjmvGp8zzObsoVApdHkEHyqiT1oKDI
         CYA3m4GEkeQJ/yopNwx8cyY94qFAA7u7PKi4L2Q8lZYogQRe8oealTjJgZHj8DQRGCiY
         +L61pUqPA7g09eha1VNdn63zV8SdKUBgOYSwLfSJ5uAtJxXKRZ7aSbpuGQJmkeEtPUwh
         CVgK7Kof7xEC4UD9/yJMgTCKRt2TQ1UxuYAwezs8EBkoMIea43Fgh1bj2MQTVlSlrn52
         lQEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=ORj8ts7tAGRiEo5hGbERimOD2nuQgJZB1dWj3IpTlc4=;
        b=J6yzedAS+4IVrp61vlyIOI/Axvh1YM23BgyZUt4UyL2qLs0oBl1mp9lezqFaNsXs1L
         FWfvPKQUl/HtV1v+ubDCGlDNbJKNmyOz84W4KbTvKagXkGKRCYUqynxV9xTImxZQXAx6
         U05AL+YvLK1jPG9qXK8HNkoUN08J7N4Urq7zbWTmSifUMyVkLj6XdzHA7mWi6YERLJMn
         NPylvbf/lN3qyti8monwXewhPoi4B+K8uBNkArBI8voNhG23RkJDc5JHpjfqHuZt9Zmh
         aLQ+Gv7xJTplc7cbIBrlY3/7/+Cq/9Cirf1UdVpf4Od+nKFqwK8aGeFlL8yk6g/qdE3I
         f0Bw==
X-Gm-Message-State: AOAM532/yF5ui7UQsa8gUqi/WmRmuwxC3cen7fDGPRSZU6PUBzjrIGqT
        U/OP6NnN54748fB4+bxnVOKi8wDjqg==
X-Received: by 2002:ac8:4e2f:: with SMTP id d15mr15620334qtw.125.1595714698435;
        Sat, 25 Jul 2020 15:04:58 -0700 (PDT)
Received: from localhost.localdomain (c-76-119-149-155.hsd1.ma.comcast.net. [76.119.149.155])
        by smtp.gmail.com with ESMTPSA id 8sm12306554qkh.77.2020.07.25.15.04.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 25 Jul 2020 15:04:57 -0700 (PDT)
From:   Peilin Ye <yepeilin.cs@gmail.com>
To:     Doug Ledford <dledford@redhat.com>, Jason Gunthorpe <jgg@ziepe.ca>
Cc:     Peilin Ye <yepeilin.cs@gmail.com>,
        Leon Romanovsky <leon@kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        syzkaller-bugs@googlegroups.com,
        linux-kernel-mentees@lists.linuxfoundation.org,
        linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Linux-kernel-mentees] [PATCH] infiniband: Prevent uninit-value in ucma_accept()
Date:   Sat, 25 Jul 2020 18:02:03 -0400
Message-Id: <20200725220203.624557-1-yepeilin.cs@gmail.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200725194839.623653-1-yepeilin.cs@gmail.com>
References: <20200725194839.623653-1-yepeilin.cs@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

ucma_accept() is reading uninitialized memory when `in_len` is
less than `offsetof(struct rdma_ucm_accept, ece)`. Fix it.

Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
---
 drivers/infiniband/core/ucma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index a591fdccdce0..842d297903c0 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1134,7 +1134,7 @@ static ssize_t ucma_listen(struct ucma_file *file, const char __user *inbuf,
 static ssize_t ucma_accept(struct ucma_file *file, const char __user *inbuf,
 			   int in_len, int out_len)
 {
-	struct rdma_ucm_accept cmd;
+	struct rdma_ucm_accept cmd = {};
 	struct rdma_conn_param conn_param;
 	struct rdma_ucm_ece ece = {};
 	struct ucma_context *ctx;
-- 
2.25.1