diff mbox series

[next] RDMA/bnxt_re: fix or'ing of data into an uninitialized struct member

Message ID 20190211133415.9020-1-colin.king@canonical.com (mailing list archive)
State Mainlined
Commit a87145957eb9c474559b3acd2cfc6e8914b0e08f
Delegated to: Jason Gunthorpe
Headers show
Series [next] RDMA/bnxt_re: fix or'ing of data into an uninitialized struct member | expand

Commit Message

Colin King Feb. 11, 2019, 1:34 p.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

The struct member comp_mask has not been initialized however a bit
pattern is being bitwise or'd into the member and hence other bit
fields in comp_mask may contain any garbage from the stack. Fix this
by making the bitwise or into an assignment.

Fixes: 95b86d1c91ad ("RDMA/bnxt_re: Update kernel user abi to pass chip context")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Devesh Sharma Feb. 11, 2019, 1:41 p.m. UTC | #1 
On Mon, Feb 11, 2019 at 7:04 PM Colin King <colin.king@canonical.com> wrote:
>
> From: Colin Ian King <colin.king@canonical.com>
>
> The struct member comp_mask has not been initialized however a bit
> pattern is being bitwise or'd into the member and hence other bit
> fields in comp_mask may contain any garbage from the stack. Fix this
> by making the bitwise or into an assignment.
>
> Fixes: 95b86d1c91ad ("RDMA/bnxt_re: Update kernel user abi to pass chip context")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
> index 1d7469e23cde..de5cb9a61a78 100644
> --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
> +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
> @@ -3720,7 +3720,7 @@ struct ib_ucontext *bnxt_re_alloc_ucontext(struct ib_device *ibdev,
>         }
>         spin_lock_init(&uctx->sh_lock);
>
> -       resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_CCTX;
> +       resp.comp_mask = BNXT_RE_UCNTX_CMASK_HAVE_CCTX;
>         chip_met_rev_num = rdev->chip_ctx.chip_num;
>         chip_met_rev_num |= ((u32)rdev->chip_ctx.chip_rev & 0xFF) <<
>                              BNXT_RE_CHIP_ID0_CHIP_REV_SFT;
> --
> 2.20.1
>
Thanks  that was missed!

Acked-By: Devesh Sharma <devesh.sharma@broadcom.com>
Jason Gunthorpe Feb. 11, 2019, 10:35 p.m. UTC | #2 
On Mon, Feb 11, 2019 at 01:34:15PM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> The struct member comp_mask has not been initialized however a bit
> pattern is being bitwise or'd into the member and hence other bit
> fields in comp_mask may contain any garbage from the stack. Fix this
> by making the bitwise or into an assignment.
> 
> Fixes: 95b86d1c91ad ("RDMA/bnxt_re: Update kernel user abi to pass chip context")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Acked-By: Devesh Sharma <devesh.sharma@broadcom.com>
> ---
>  drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to for-next thanks

Jason
diff mbox series

Patch

diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
index 1d7469e23cde..de5cb9a61a78 100644
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -3720,7 +3720,7 @@  struct ib_ucontext *bnxt_re_alloc_ucontext(struct ib_device *ibdev,
 	}
 	spin_lock_init(&uctx->sh_lock);
 
-	resp.comp_mask |= BNXT_RE_UCNTX_CMASK_HAVE_CCTX;
+	resp.comp_mask = BNXT_RE_UCNTX_CMASK_HAVE_CCTX;
 	chip_met_rev_num = rdev->chip_ctx.chip_num;
 	chip_met_rev_num |= ((u32)rdev->chip_ctx.chip_rev & 0xFF) <<
 			     BNXT_RE_CHIP_ID0_CHIP_REV_SFT;