Peilin Ye 24578a23b2 rds: Prevent kernel-infoleak in rds_notify_queue_get() ... commit bbc8a99e952226c585ac17477a85ef1194501762 upstream. rds_notify_queue_get() is potentially copying uninitialized kernel stack memory to userspace since the compiler may leave a 4-byte hole at the end of `cmsg`. In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which unfortunately does not always initialize that 4-byte hole. Fix it by using memset() instead. Cc: stable@vger.kernel.org Fixes: f037590fff ("rds: fix a leak of kernel memory") Fixes: bdbe6fbc6a ("RDS: recv.c") Suggested-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-08-05 10:06:01 +02:00
..
af_rds.c
bind.c	net/rds: Check laddr_check before calling it	2019-10-01 08:26:13 +02:00
cong.c
connection.c
ib.c	net/rds: Fix error handling in rds_ib_add_one()	2019-10-07 18:57:24 +02:00
ib.h
ib_cm.c
ib_fmr.c
ib_frmr.c
ib_mr.h
ib_rdma.c
ib_recv.c
ib_ring.c
ib_send.c
ib_stats.c	net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'	2020-01-27 14:51:13 +01:00
ib_sysctl.c
info.c
info.h
Kconfig
loop.c
loop.h
Makefile
message.c
page.c
rdma.c
rdma_transport.c
rdma_transport.h
rds.h
rds_single_path.h
recv.c	rds: Prevent kernel-infoleak in rds_notify_queue_get()	2020-08-05 10:06:01 +02:00
send.c
stats.c	net/rds: Add a few missing rds_stat_names entries	2020-01-27 14:51:04 +01:00
sysctl.c
tcp.c
tcp.h
tcp_connect.c
tcp_listen.c
tcp_recv.c
tcp_send.c
tcp_stats.c
threads.c
transport.c