91a4d157d0
ib_ucm_init_qp_attr() and ucma_init_qp_attr() pass struct ib_uverbs_qp_attr with reserved, qp_state, {ah_attr,alt_ah_attr}{reserved,->grh.reserved} fields uninitialized to copy_to_user(). This leads to leaking of contents of kernel stack memory to userspace. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Roland Dreier <rolandd@cisco.com> |
||
---|---|---|
.. | ||
addr.c | ||
agent.c | ||
agent.h | ||
cache.c | ||
cm.c | ||
cm_msgs.h | ||
cma.c | ||
core_priv.h | ||
device.c | ||
fmr_pool.c | ||
iwcm.c | ||
iwcm.h | ||
mad.c | ||
mad_priv.h | ||
mad_rmpp.c | ||
mad_rmpp.h | ||
Makefile | ||
multicast.c | ||
packer.c | ||
sa.h | ||
sa_query.c | ||
smi.c | ||
smi.h | ||
sysfs.c | ||
ucm.c | ||
ucma.c | ||
ud_header.c | ||
umem.c | ||
user_mad.c | ||
uverbs.h | ||
uverbs_cmd.c | ||
uverbs_main.c | ||
uverbs_marshall.c | ||
verbs.c |