On Fri, Feb 04, 2022 at 01:00:36PM +0300, Dan Carpenter wrote:
> From: Haimin Zhang <tcs.kernel@xxxxxxxxx>
>
> The ib_copy_ah_attr_to_user() function only initializes "resp.grh" if
> the "resp.is_global" flag is set. Unfortunately, this data is copied to
> the user and copying uninitialized stack data to the user is an
> information leak. Zero out the whole "resp" struct to be safe.

Hasn't this already been fixed, and more comprehensively too?

commit b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
Author: Leon Romanovsky <leon@xxxxxxxxxx>
Date:   Tue Jan 4 14:21:52 2022 +0200

    RDMA/core: Don't infoleak GRH fields

    If dst->is_global field is not set, the GRH fields are not cleared
    and the following infoleak is reported.

Jason
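
The leak pattern discussed in this thread, as an added userspace example that is not part of the original message or the kernel source. The struct layouts, field values and function names are hypothetical stand-ins, and the 0xAA fill is a constructed marker for leftover stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a uverbs-style response; names are illustrative. */
struct grh_resp { uint8_t dgid[16]; uint32_t flow_label; uint8_t hop_limit; uint8_t reserved[3]; };
struct ah_resp  { struct grh_resp grh; uint16_t dlid; uint8_t is_global; uint8_t port_num; };

#define STALE 0xAA /* constructed marker standing in for leftover stack bytes */

/* Before: grh is written only when is_global is set; reserved is never written. */
static void fill_leaky(struct ah_resp *dst, int is_global)
{
    dst->dlid = 1;
    dst->is_global = (uint8_t)is_global;
    dst->port_num = 1;
    if (is_global) {
        memset(dst->grh.dgid, 0x20, sizeof(dst->grh.dgid)); /* constructed GID */
        dst->grh.flow_label = 7;
        dst->grh.hop_limit = 64;
    }
}

/* After: zero the whole struct first, so unset fields go out as 0. */
static void fill_zeroed(struct ah_resp *dst, int is_global)
{
    memset(dst, 0, sizeof(*dst));
    fill_leaky(dst, is_global);
}

/* Pre-fill the response with STALE, run the filler, and count the bytes that
 * would be copied out still holding the marker. */
static size_t stale_bytes(void (*fill)(struct ah_resp *, int), int is_global)
{
    struct ah_resp resp;
    const unsigned char *p = (const unsigned char *)&resp;
    size_t i, n = 0;

    memset(&resp, STALE, sizeof(resp));
    fill(&resp, is_global);
    for (i = 0; i < sizeof(resp); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky:  %zu / %zu stale bytes\n", stale_bytes(fill_leaky, 0), stale_bytes(fill_leaky, 1));
    printf("zeroed: %zu / %zu stale bytes\n", stale_bytes(fill_zeroed, 0), stale_bytes(fill_zeroed, 1));
    return 0;
}
```

In this layout the never-written reserved bytes stay stale even when is_global is set, which is why zeroing the whole struct covers more than clearing grh in the non-global branch.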