On Tue, May 24, 2022 at 06:23:53PM +0300, Dan Carpenter wrote:
> The ib_copy_from_udata() function does not always initialize the whole
> struct. It depends on the value of udata->inlen. So initialize it to
> zero at the start.
>
> Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> What I know is that RDMA takes fast paths very seriously.
>
> This is probably a fast path so you may want to implement a different
> solution. If you want to do something else then, just feel free to do
> that and give me a Reported-by tag.
This isn't fast path..
But the bug here is not validating inlen properly and should be fixed
there, not by zero-initing and allowing userspace to pass in an
invalid inlen..
Jason
