From: Colin Ian King <colin.king@xxxxxxxxxxxxx> The bit field rsvd1 in resp is not being initialized and garbage data is being copied from the stack back to userspace via the ib_copy_to_udata call. Fix this by setting the entire struct resp to zero; this will ensure that further new bit fields in the future will be zero'd too. Addresses-Coverity: ("Uninitialized scalar variable") Fixes: 879740517dab ("RDMA/bnxt_re: Update ABI to pass wqe-mode to user space") Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> --- V2: set entire struct resp to zero rather than the new field. Thanks to Jason Gunthorpe for suggesting this improved fix. --- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c index 5955713234cb..6d4508794342 100644 --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c @@ -3844,7 +3844,7 @@ int bnxt_re_alloc_ucontext(struct ib_ucontext *ctx, struct ib_udata *udata) container_of(ctx, struct bnxt_re_ucontext, ib_uctx); struct bnxt_re_dev *rdev = to_bnxt_re_dev(ibdev, ibdev); struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr; - struct bnxt_re_uctx_resp resp; + struct bnxt_re_uctx_resp resp = {}; u32 chip_met_rev_num = 0; int rc; -- 2.31.1
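Review bot: at the `struct bnxt_re_uctx_resp resp = {};` declaration, the empty initializer zeroes every named member, including the rsvd1 bit field the commit message calls out, but the C standard does not promise that padding bytes of an automatic object are cleared by a brace initializer. Because the struct is copied back to userspace through ib_copy_to_udata, it is worth confirming that struct bnxt_re_uctx_resp has no implicit padding (its definition is not visible in this hunk), or using `memset(&resp, 0, sizeof(resp));` before the fields are filled in so that every byte copied out is defined.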