On Sat, Aug 11, 2018 at 10:43:42AM +0300, Leon Romanovsky wrote:
> On Thu, Aug 09, 2018 at 03:06:55PM -0600, Jason Gunthorpe wrote:
> > mlx5_ib_create_qp_resp was never initialized and only the first 4 bytes
> > were written. Static checkers missed this because the struct was
> > un-necessarily created in a different function, so consolidate that too.
> >
> > Fixes: 41d902cb7c32 ("RDMA/mlx5: Fix definition of mlx5_ib_create_qp_resp")
> > Cc: <stable@xxxxxxxxxxxxxxx>
> > Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
> > ---
>
> Except that mentioned "Fixes" is not related and patch subject is
> misleading.

The patch in fixes created the bug by extending the structure and not
initializing the new fields.

> Userspace simply sees garbage memory which belongs to
> mlx5_ib_create_qp_resp and not to "stack memory".

mlx5_ib_create_qp_resp is allocated on the stack, so it is properly
called kernel "stack memory"

Jason
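The bug class under discussion, a response struct on the stack that gets only its first 4 bytes written before the whole object is copied to userspace, can be shown deterministically in user space. The following is an added example, not the mlx5 driver's code or Jason's patch: the struct name and members are assumptions, a byte buffer stands in for the stack frame, a constructed 0xAA marker stands in for whatever a previous call left in that frame, and memcpy() stands in for copy_to_user(). One function reproduces the partial write and counts how many stale bytes reach the caller; the other zeroes the object first.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical response struct (names assumed): a 4-byte field the
 * driver always filled in, followed by members added by a later
 * structure extension that the old code never wrote. */
struct qp_resp_example {
    uint32_t first_field;   /* the only member the buggy path writes */
    uint32_t added_a;       /* added by the extension, never written */
    uint64_t added_b;       /* likewise */
};

/* Constructed marker standing in for old stack contents. */
#define STALE_BYTE 0xAA

/* Simulated stack frame: before the callee runs, the slot that will hold
 * the response still contains whatever an earlier call left behind. */
static void prefill_frame(unsigned char *frame, size_t len)
{
    memset(frame, STALE_BYTE, len);
}

/* Buggy pattern: declare the struct, set one member, copy the whole
 * object out. Every byte after the first 4 is sent exactly as found. */
static void build_resp_buggy(unsigned char *frame, unsigned char *user_out)
{
    struct qp_resp_example *resp = (struct qp_resp_example *)frame;
    resp->first_field = 7;
    memcpy(user_out, resp, sizeof(*resp));   /* stands in for copy_to_user() */
}

/* Fixed pattern: clear the entire object, padding included, then fill. */
static void build_resp_fixed(unsigned char *frame, unsigned char *user_out)
{
    struct qp_resp_example *resp = (struct qp_resp_example *)frame;
    memset(resp, 0, sizeof(*resp));
    resp->first_field = 7;
    memcpy(user_out, resp, sizeof(*resp));
}

/* Detection: count bytes in the user-visible copy that still carry the
 * stale marker, i.e. bytes the kernel never deliberately wrote. */
static size_t count_stale(const unsigned char *user_out, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (user_out[i] == STALE_BYTE)
            n++;
    return n;
}

/* Returns the number of leaked bytes for the buggy path: 12 of 16. */
size_t leaked_bytes_buggy(void)
{
    alignas(struct qp_resp_example) unsigned char frame[sizeof(struct qp_resp_example)];
    unsigned char user_out[sizeof(struct qp_resp_example)];
    prefill_frame(frame, sizeof(frame));
    build_resp_buggy(frame, user_out);
    return count_stale(user_out, sizeof(user_out));
}

/* Returns the number of leaked bytes for the fixed path: 0. */
size_t leaked_bytes_fixed(void)
{
    alignas(struct qp_resp_example) unsigned char frame[sizeof(struct qp_resp_example)];
    unsigned char user_out[sizeof(struct qp_resp_example)];
    prefill_frame(frame, sizeof(frame));
    build_resp_fixed(frame, user_out);
    return count_stale(user_out, sizeof(user_out));
}
```

The fixed variant uses memset() rather than an `= {}` initializer on purpose: an initializer is only required to zero named members, and compilers may leave padding bytes untouched, so a struct with padding can still leak through copy_to_user() even when "fully initialized". Zeroing the whole object before filling it, and keeping the struct's definition and its only writer in one function as the patch description suggests, removes both the leak and the blind spot that let static checkers miss it.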