Patch "RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 10 Nov 2023 14:12:17 -0500

This is a note to let you know that I've just added the patch titled

    RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     rdma-hns-fix-uninitialized-ucmd-in-hns_roce_create_q.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6c65b2c81da49ffce97ecc7f96aaea7faf1abbdc
Author: Chengchang Tang <tangchengchang@xxxxxxxxxx>
Date:   Tue Oct 17 20:52:34 2023 +0800

    RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
    
    [ Upstream commit c64e9710f9241e38a1c761ed1c1a30854784da66 ]
    
    ucmd in hns_roce_create_qp_common() are not initialized. But it works fine
    until new member sdb_addr is added to struct hns_roce_ib_create_qp.
    
    If the user-mode driver uses an old version ABI, then the value of the new
    member will be undefined after ib_copy_from_udata().
    
    This patch fixes it by initialize this variable to 0. And the default value
    of the new member sdb_addr will be 0 which is invalid.
    
    Fixes: 0425e3e6e0c7 ("RDMA/hns: Support flush cqe for hip08 in kernel space")
    Signed-off-by: Chengchang Tang <tangchengchang@xxxxxxxxxx>
    Signed-off-by: Junxian Huang <huangjunxian6@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20231017125239.164455-3-huangjunxian6@xxxxxxxxxxxxx
    Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c
index 7a95f8677a02c..7b79e6b3f3baa 100644
--- a/drivers/infiniband/hw/hns/hns_roce_qp.c
+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
@@ -1128,7 +1128,7 @@ static int hns_roce_create_qp_common(struct hns_roce_dev *hr_dev,
 {
 	struct hns_roce_ib_create_qp_resp resp = {};
 	struct ib_device *ibdev = &hr_dev->ib_dev;
-	struct hns_roce_ib_create_qp ucmd;
+	struct hns_roce_ib_create_qp ucmd = {};
 	int ret;
 
 	mutex_init(&hr_qp->mutex);






