From: Colin Ian King Date: Wed, 23 Jun 2021 18:24:37 +0000 (+0100) Subject: RDMA/bnxt_re: Fix uninitialized struct bit field rsvd1 X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=6becfe913bda839ae27224a2ea9d6cfb07c3fa2d;p=linux.git RDMA/bnxt_re: Fix uninitialized struct bit field rsvd1 The bit field rsvd1 in resp is not being initialized and garbage data is being copied from the stack back to userspace via the ib_copy_to_udata call. Fix this by setting the entire struct resp to zero; this will ensure that further new bit fields in the future will be zero'd too. Link: https://lore.kernel.org/r/20210623182437.163801-1-colin.king@canonical.com Addresses-Coverity: ("Uninitialized scalar variable") Fixes: 879740517dab ("RDMA/bnxt_re: Update ABI to pass wqe-mode to user space") Signed-off-by: Colin Ian King [jgg: remove extra zeroing] Signed-off-by: Jason Gunthorpe --- diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c index 5955713234cb9..283b6b81563cc 100644 --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c @@ -3844,7 +3844,7 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata) container_of(ctx, struct bnxt_re_ucontext, ib_uctx); struct bnxt_re_dev *rdev = to_bnxt_re_dev(ibdev, ibdev); struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr; - struct bnxt_re_uctx_resp resp; + struct bnxt_re_uctx_resp resp = {}; u32 chip_met_rev_num = 0; int rc; 
@@ -3872,15 +3872,12 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata) chip_met_rev_num |= ((u32)rdev->chip_ctx->chip_metal & 0xFF) << BNXT_RE_CHIP_ID0_CHIP_MET_SFT; resp.chip_id0 = chip_met_rev_num; - /* Future extension of chip info */ - resp.chip_id1 = 0; /*Temp, Use xa_alloc instead */ resp.dev_id = rdev->en_dev->pdev->devfn; resp.max_qp = rdev->qplib_ctx.qpc_count; resp.pg_size = PAGE_SIZE; resp.cqe_sz = sizeof(struct cq_base); resp.max_cqd = dev_attr->max_cq_wqes; - resp.rsvd = 0; resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_MODE; resp.mode = rdev->chip_ctx->modes.wqe_mode;
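Review bot: In the first hunk (@@ -3844), `struct bnxt_re_uctx_resp resp = {};` zeroes every named member, rsvd1 included, but the C standard does not promise that an empty initializer clears padding bytes. The commit message says the struct is copied to userspace through ib_copy_to_udata, so either confirm that bnxt_re_uctx_resp has no implicit padding or use memset(&resp, 0, sizeof(resp)) after the declarations, which clears every byte regardless of layout.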
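Review bot: In the second hunk (@@ -3872), the retained line `resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_MODE;` is a read-modify-write, so its result now rests on the `= {}` initializer from the first hunk, just as chip_id1 and rsvd do once their explicit zeroing is removed. If this is the first write to comp_mask in the function, a plain `=` would make it independent of the declaration. Otherwise, a short comment at the declaration saying that resp must stay zero-initialized because it is copied to userspace would guard against a later refactor dropping the initializer. The removed `/* Future extension of chip info */` comment was the only visible note on what chip_id1 is for, so consider keeping that wording beside the field's definition.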