[PATCH 3.16.y-ckt 077/144] IB/core: Avoid leakage from kernel to user space
Luis Henriques
luis.henriques at canonical.com
Tue Apr 21 15:31:02 UTC 2015
3.16.7-ckt10 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eli Cohen <eli at dev.mellanox.co.il>
commit 377b513485fd885dea1083a9a5430df65b35e048 upstream.
Clear the reserved field of struct ib_uverbs_async_event_desc which is
copied to user space.
Signed-off-by: Eli Cohen <eli at mellanox.com>
Reviewed-by: Yann Droneaud <ydroneaud at opteya.com>
Signed-off-by: Roland Dreier <roland at purestorage.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/infiniband/core/uverbs_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 08219fb3338b..7a515c867674 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -476,6 +476,7 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
entry->desc.async.element = element;
entry->desc.async.event_type = event;
+ entry->desc.async.reserved = 0;
entry->counter = counter;
list_add_tail(&entry->list, &file->async_file->event_list);
More information about the kernel-team
mailing list