IB/mlx5: Fix leaking stack memory to userspace

mlx5_ib_create_qp_resp was never initialized and only the first 4 bytes were written. Fixes: 41d902cb7c32 ("RDMA/mlx5: Fix definition of mlx5_ib_create_qp_resp") Cc: <stable@vger.kernel.org> Acked-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
author: Jason Gunthorpe <jgg@mellanox.com> 2018-08-14 15:33:52 -0600
committer: Jason Gunthorpe <jgg@mellanox.com> 2018-08-14 15:35:12 -0600
commit: 0625b4ba1a5d4703c7fb01c497bd6c156908af00 (patch)
tree: f15b75c430a49c33bca7b26f84285d843691f4d8
parent: 0da9be22cdcbcbe0e5f04271dcfac71601526a3e (diff)
download: syzbot-bug-0625b4ba1a5d4703c7fb01c497bd6c156908af00.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index 351c2efceb355c..6cba2a02d11bad 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -1607,7 +1607,7 @@ static int create_qp_common(struct mlx5_ib_dev *dev, struct ib_pd *pd,
 	struct mlx5_ib_resources *devr = &dev->devr;
 	int inlen = MLX5_ST_SZ_BYTES(create_qp_in);
 	struct mlx5_core_dev *mdev = dev->mdev;
-	struct mlx5_ib_create_qp_resp resp;
+	struct mlx5_ib_create_qp_resp resp = {};
 	struct mlx5_ib_cq *send_cq;
 	struct mlx5_ib_cq *recv_cq;
 	unsigned long flags;
author	Jason Gunthorpe <jgg@mellanox.com>	2018-08-14 15:33:52 -0600
committer	Jason Gunthorpe <jgg@mellanox.com>	2018-08-14 15:35:12 -0600
commit	0625b4ba1a5d4703c7fb01c497bd6c156908af00 (patch)
tree	f15b75c430a49c33bca7b26f84285d843691f4d8
parent	0da9be22cdcbcbe0e5f04271dcfac71601526a3e (diff)
download	syzbot-bug-0625b4ba1a5d4703c7fb01c497bd6c156908af00.tar.gz