On Tue, Feb 19, 2019 at 03:18:37PM -0700, Jason Gunthorpe wrote:
> On Tue, Feb 19, 2019 at 01:09:57PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> >
> > The strlen() check at the beginning of iw_cm_map() ensures that devname
> > and ifname strings are less than destinations to which they are supposed
> > to be copied. Change strncpy() call to be strcpy(), because we are
> > protected from overflow.
> >
> > This fix the compilation warning below:
> >
> > In file included from ./include/linux/dma-mapping.h:6,
> > from drivers/infiniband/core/iwcm.c:38:
> > In function _strncpy_,
> > inlined from _iw_cm_map_ at drivers/infiniband/core/iwcm.c:519:2:
> > ./include/linux/string.h:253:9: warning: ___builtin_strncpy_ specified
> > bound 32 equals destination size [-Wstringop-truncation]
> > return __builtin_strncpy(p, q, size);
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Fixes: d53ec8af56d5 ("RDMA/iwcm: Don't copy past the end of dev_name() string")
> > Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> > drivers/infiniband/core/iwcm.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> > diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c
> > index 350ea2bab78a..732637c913d9 100644
> > +++ b/drivers/infiniband/core/iwcm.c
> > @@ -505,7 +505,7 @@ static int iw_cm_map(struct iw_cm_id *cm_id, bool active)
> > {
> > const char *devname = dev_name(&cm_id->device->dev);
> > const char *ifname = cm_id->device->iwcm->ifname;
> > - struct iwpm_dev_data pm_reg_msg;
> > + struct iwpm_dev_data pm_reg_msg = {};
>
> Huh. This looks like a kernel stack data leak fix? The arrays in that
> struct are passed to ibl_put_attr at least.
I'm not sure about that, because those arrays are NULL-terminated, but I
didn't invest time to look it more closely.
>
> Lets remark about that in the commit message.
>
> Applied to for-next
>
> Jason
Attachment:
signature.asc
Description: PGP signature
