The aac_srb_reply struct ends in a 2 byte hole so we end up leaking a bit of information to user space. Fixes: 423400e64d37 ("scsi: aacraid: Include HBA direct interface") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 614842a9eb07..12dc867b7c74 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -948,6 +948,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) &((struct aac_native_hba *)srbfib->hw_fib_va)->resp.err; struct aac_srb_reply reply; + memset(&reply, 0, sizeof(reply)); reply.status = ST_OK; if (srbfib->flags & FIB_CONTEXT_FLAG_FASTRESP) { /* fast response */ -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html