archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 03:44:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/infiniband/hw/irdma
History
Exact
Jason Gunthorpe 74586c6da9 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() 
struct irdma_create_ah_resp {  // 8 bytes, no padding
    __u32 ah_id;               // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx)
    __u8  rsvd[4];             // offset 4 - NEVER SET <- LEAK
};

rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().

The reserved members of the structure were not zeroed.

Cc: stable@vger.kernel.org
Fixes: b48c24c2d7 ("RDMA/irdma: Implement device supported verb APIs")
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://patch.msgid.link/3-v1-83e918d69e73+a9-rdma_udata_rc_jgg@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2026-02-24 05:03:15 -05:00
..
cm.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
cm.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
ctrl.c RDMA/irdma: Use CQ ID for CEQE context 2026-01-25 08:54:20 -05:00
defs.h RDMA/irdma: Extend CQE Error and Flush Handling for GEN3 Devices 2025-09-18 04:48:46 -04:00
hmc.c RDMA/irdma: Add GEN3 core driver support 2025-09-18 04:48:45 -04:00
hmc.h RDMA/irdma: Add GEN3 core driver support 2025-09-18 04:48:45 -04:00
hw.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
i40iw_hw.c RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
i40iw_hw.h RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
i40iw_if.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
icrdma_hw.c RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
icrdma_hw.h RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
icrdma_if.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
ig3rdma_hw.c RDMA/irdma: Add Atomic Operations support 2025-09-18 04:48:46 -04:00
ig3rdma_hw.h RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
ig3rdma_if.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
irdma.h RDMA/irdma: Add SRQ support 2025-09-18 04:48:46 -04:00
Kconfig RDMA/irdma: Update Kconfig 2025-09-18 04:48:46 -04:00
main.c RDMA/irdma: Introduce GEN3 vPort driver support 2025-09-18 04:48:45 -04:00
main.h RDMA/irdma: Remove fixed 1 ms delay during AH wait loop 2026-01-13 08:19:11 -05:00
Makefile RDMA/irdma: Discover and set up GEN3 hardware register layout 2025-09-18 04:48:45 -04:00
osdep.h iidc/ice/irdma: Rename IDC header file 2025-04-30 08:31:49 -07:00
pble.c RDMA v6.19 merge window pull request 2025-12-04 18:54:37 -08:00
pble.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
protos.h RDMA/irdma: Add GEN3 CQP support with deferred completions 2025-09-18 04:48:45 -04:00
puda.c RDMA/irdma: Use CQ ID for CEQE context 2026-01-25 08:54:20 -05:00
puda.h RDMA/irdma: Add GEN3 core driver support 2025-09-18 04:48:45 -04:00
trace.c IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
trace.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
trace_cm.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
type.h RDMA/irdma: Use CQ ID for CEQE context 2026-01-25 08:54:20 -05:00
uda.c IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
uda.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
uda_d.h RDMA/irdma: Extend QP context programming for GEN3 2025-09-18 04:48:45 -04:00
uk.c RDMA/irdma: Remove redundant dma_wmb() before writel() 2026-01-13 08:01:37 -05:00
user.h RDMA/irdma: Remove doorbell elision logic 2025-11-26 02:26:05 -05:00
utils.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
verbs.c RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() 2026-02-24 05:03:15 -05:00
verbs.h RDMA v6.19 merge window pull request 2025-12-04 18:54:37 -08:00
virtchnl.c RDMA/irdma: Add GEN3 virtual QP1 support 2025-09-18 04:48:45 -04:00
virtchnl.h RDMA/irdma: Add GEN3 virtual QP1 support 2025-09-18 04:48:45 -04:00
ws.c IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00
ws.h IB: Use capital "OR" for multiple licenses in SPDX 2023-09-11 14:14:00 +03:00