linux/drivers/infiniband/core
Vasiliy Kulikov 91a4d157d0 IB: Fix information leak in marshalling code
ib_ucm_init_qp_attr() and ucma_init_qp_attr() pass struct ib_uverbs_qp_attr
with reserved, qp_state, {ah_attr,alt_ah_attr}{reserved,->grh.reserved}
fields uninitialized to copy_to_user().  This leads to leaking of
contents of kernel stack memory to userspace.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2010-12-01 16:33:18 -08:00
..
Makefile IB/uverbs: Export ib_umem_get()/ib_umem_release() to modules 2007-05-08 18:00:37 -07:00
addr.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
agent.c IB/mad: IBoE supports only QP1 (no QP0) 2010-10-13 09:38:11 -07:00
agent.h RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
cache.c RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
cm.c IB/cm: Check LAP state before sending an MRA 2010-07-28 15:18:24 -07:00
cm_msgs.h IB: Remove __constant_{endian} uses 2009-01-17 17:11:57 -08:00
cma.c IB/core: Add VLAN support for IBoE 2010-10-25 10:20:39 -07:00
core_priv.h IB/core: Allow device-specific per-port sysfs files 2010-05-21 10:34:44 -07:00
device.c IB/core: Allow device-specific per-port sysfs files 2010-05-21 10:34:44 -07:00
fmr_pool.c RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
iwcm.c RDMA/iwcm: Fix hang in uninterruptible wait on cm_id destroy 2010-10-11 20:24:04 -07:00
iwcm.h RDMA: iWARP Connection Manager. 2006-09-22 15:22:46 -07:00
mad.c IB/mad: IBoE supports only QP1 (no QP0) 2010-10-13 09:38:11 -07:00
mad_priv.h IB/mad: Allow tuning of QP0 and QP1 sizes 2009-09-07 08:28:48 -07:00
mad_rmpp.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
mad_rmpp.h RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
multicast.c IB/mad: IBoE supports only QP1 (no QP0) 2010-10-13 09:38:11 -07:00
packer.c RDMA: Remove subversion $Id tags 2008-07-14 23:48:44 -07:00
sa.h IB: Remove garbage non-ASCII characters from comments 2007-07-09 16:17:32 -07:00
sa_query.c RDMA/cm: Add RDMA CM support for IBoE devices 2010-10-13 15:46:43 -07:00
smi.c IB/mad: Check hop count field in directed route MAD to avoid array overflow 2009-09-05 20:24:10 -07:00
smi.h IB/mad: Enable loopback of DR SMP responses from userspace 2008-01-25 14:15:25 -08:00
sysfs.c IB/core: Add link layer type information to sysfs 2010-10-25 10:20:39 -07:00
ucm.c IB/ucm: Use memdup_user() 2010-05-25 21:10:57 -07:00
ucma.c Merge branches 'amso1100', 'cma', 'cxgb3', 'cxgb4', 'ehca', 'iboe', 'ipoib', 'misc', 'mlx4', 'nes', 'qib' and 'srp' into for-next 2010-10-26 16:09:11 -07:00
ud_header.c IB/pack: Remove some unused code added by the IBoE patches 2010-12-01 16:30:18 -08:00
umem.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
user_mad.c IB/umad: Make user_mad semaphore a real one 2010-09-28 20:52:21 -07:00
uverbs.h Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2010-03-04 08:15:33 -08:00
uverbs_cmd.c IB/uverbs: Return link layer type to userspace for query port operation 2010-10-25 10:20:39 -07:00
uverbs_main.c IB: Explicitly rule out llseek to avoid BKL in default_llseek() 2010-04-21 12:17:38 -07:00
uverbs_marshall.c IB: Fix information leak in marshalling code 2010-12-01 16:33:18 -08:00
verbs.c IB/core: Add link layer property to ports 2010-09-27 17:51:10 -07:00