summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Ian King <colin.king@canonical.com>2021-06-23 19:24:37 +0100
committerJason Gunthorpe <jgg@nvidia.com>2021-06-24 09:16:42 -0300
commit6becfe913bda839ae27224a2ea9d6cfb07c3fa2d (patch)
tree3f59e951b4909ad403af6cd1222be8f9d98e7678
parent109d19a5eb3ddbdb87c43bfd4bcf644f4569da64 (diff)
RDMA/bnxt_re: Fix uninitialized struct bit field rsvd1
The bit field rsvd1 in resp is not being initialized and garbage data is being copied from the stack back to userspace via the ib_copy_to_udata call. Fix this by setting the entire struct resp to zero; this will ensure that further new bit fields in the future will be zero'd too. Link: https://lore.kernel.org/r/20210623182437.163801-1-colin.king@canonical.com Addresses-Coverity: ("Uninitialized scalar variable") Fixes: 879740517dab ("RDMA/bnxt_re: Update ABI to pass wqe-mode to user space") Signed-off-by: Colin Ian King <colin.king@canonical.com> [jgg: remove extra zeroing] Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
-rw-r--r--drivers/infiniband/hw/bnxt_re/ib_verbs.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
index 5955713234cb..283b6b81563c 100644
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -3844,7 +3844,7 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata)
container_of(ctx, struct bnxt_re_ucontext, ib_uctx);
struct bnxt_re_dev *rdev = to_bnxt_re_dev(ibdev, ibdev);
struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr;
- struct bnxt_re_uctx_resp resp;
+ struct bnxt_re_uctx_resp resp = {};
u32 chip_met_rev_num = 0;
int rc;
@@ -3872,15 +3872,12 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata)
chip_met_rev_num |= ((u32)rdev->chip_ctx->chip_metal & 0xFF) <<
BNXT_RE_CHIP_ID0_CHIP_MET_SFT;
resp.chip_id0 = chip_met_rev_num;
- /* Future extension of chip info */
- resp.chip_id1 = 0;
/*Temp, Use xa_alloc instead */
resp.dev_id = rdev->en_dev->pdev->devfn;
resp.max_qp = rdev->qplib_ctx.qpc_count;
resp.pg_size = PAGE_SIZE;
resp.cqe_sz = sizeof(struct cq_base);
resp.max_cqd = dev_attr->max_cq_wqes;
- resp.rsvd = 0;
resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_MODE;
resp.mode = rdev->chip_ctx->modes.wqe_mode;