[1/2] nvme-rdma: Don't leak uninitialized memory in connect request private data

Commit Message

Roland Dreier July 31, 2016, 7:27 a.m. UTC

From: Roland Dreier <roland@purestorage.com>

Zero out the full nvme_rdma_cm_req structure before sending it.
Otherwise we end up leaking kernel memory in the reserved field, which
might break forward compatibility in the future.

Signed-off-by: Roland Dreier <roland@purestorage.com>
---
 drivers/nvme/host/rdma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Sagi Grimberg July 31, 2016, 8:44 a.m. UTC | #1

Looks fine,

Acked-by: Sagi Grimberg <sai@grimberg.me>
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Christoph Hellwig Aug. 1, 2016, 11:07 a.m. UTC | #2

On Sun, Jul 31, 2016 at 12:27:39AM -0700, Roland Dreier wrote:
> From: Roland Dreier <roland@purestorage.com>
> 
> Zero out the full nvme_rdma_cm_req structure before sending it.
> Otherwise we end up leaking kernel memory in the reserved field, which
> might break forward compatibility in the future.
> 
> Signed-off-by: Roland Dreier <roland@purestorage.com>

Looks fine,

Reviewed-by: Christoph Hellwig <hch@lst.de>
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index 3e3ce2b0424e..b96b88369871 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -1269,7 +1269,7 @@  static int nvme_rdma_route_resolved(struct nvme_rdma_queue *queue)
 {
 	struct nvme_rdma_ctrl *ctrl = queue->ctrl;
 	struct rdma_conn_param param = { };
-	struct nvme_rdma_cm_req priv;
+	struct nvme_rdma_cm_req priv = { };
 	int ret;
 
 	param.qp_num = queue->qp->qp_num;