Hello Upinder Malhi,

The patch b1819c455542: "IB/usnic: Add Cisco VIC low-level hardware
driver" from Sep 10, 2013, leads to the following static checker
warning:
        drivers/infiniband/hw/usnic/usnic_ib_verbs.c:114
        usnic_ib_fill_create_qp_resp()
        warn: check that 'resp' doesn't leak information (struct has
        a hole after 'transport')

drivers/infiniband/hw/usnic/usnic_ib_verbs.c
   109          WARN_ON(chunk->type != USNIC_VNIC_RES_TYPE_CQ);
   110          resp.cq_cnt = chunk->cnt;
   111          for (i = 0; i < chunk->cnt; i++)
   112                  resp.cq_idx[i] = chunk->res[i]->vnic_idx;
   113  
   114          err = ib_copy_to_udata(udata, &resp, sizeof(resp));
                                              ^^^^^
The "resp" struct has a struct hole and uninitialized struct members so
it leaks uninitialized stack information to the user (information
disclosure security bug).

   115          if (err) {
   116                  usnic_err("Failed to copy udata for %s", us_ibdev->ib_dev.name);
   117                  return err;
   118          }

regards,
dan carpenter
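
The leak class reported above, as an added example that is not part of the original message or the usnic driver. The struct layout, the names `demo_resp`, `hole_after_transport` and `leaked_bytes`, and the 0xAA "stale stack" pattern are assumptions made for illustration; it shows how many bytes escape when only members are assigned before a `sizeof(resp)` copy, and that zeroing the struct first closes both the padding hole and the unwritten array entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (assumption, not the driver's struct): the 1-byte
 * 'transport' followed by a 4-byte member leaves a 3-byte padding hole. */
struct demo_resp {
    uint32_t vf_idx;
    uint8_t  transport;
    uint32_t cq_cnt;
    uint32_t cq_idx[4];          /* only the first cq_cnt entries are set */
};

#define STALE 0xAA               /* constructed stand-in for old stack data */

size_t hole_after_transport(void)
{
    return offsetof(struct demo_resp, cq_cnt)
         - (offsetof(struct demo_resp, transport) + sizeof(uint8_t));
}

/* Assign members only (optionally after zeroing), copy all sizeof(resp)
 * bytes out, and return how many stale bytes reached the destination. */
size_t leaked_bytes(int zero_first, uint32_t cq_cnt)
{
    struct demo_resp resp;
    unsigned char out[sizeof(resp)];     /* stands in for the user buffer */
    size_t i, n = 0;

    memset(&resp, STALE, sizeof(resp));  /* simulate a dirty stack slot */
    if (zero_first)
        memset(&resp, 0, sizeof(resp));  /* the hardening step */

    resp.vf_idx = 1;
    resp.transport = 2;
    resp.cq_cnt = cq_cnt;
    for (i = 0; i < cq_cnt && i < 4; i++)
        resp.cq_idx[i] = 10 + (uint32_t)i;

    memcpy(out, &resp, sizeof(resp));    /* whole-struct copy, as on line 114 */
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("hole: %zu, leaked without memset: %zu, with memset: %zu\n",
           hole_after_transport(), leaked_bytes(0, 2), leaked_bytes(1, 2));
    return 0;
}
```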
