Commit e517f76a authored by Kees Cook's avatar Kees Cook Committed by Jason Gunthorpe
Browse files

RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr 

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Use memset_after() to zero the end of struct mlx5_ib_mr that should be
initialized.

Link: https://lore.kernel.org/r/20211213223331.135412-10-keescook@chromium.org


Acked-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
parent 4922f092

drivers/infiniband/hw/mlx5/mlx5_ib.h

+2 −2
Original line number Original line Diff line number Diff line
@@ -664,8 +664,8 @@ struct mlx5_ib_mr { 




	/* User MR data */

	/* User MR data */

	struct mlx5_cache_ent *cache_ent;

	struct mlx5_cache_ent *cache_ent;

	/* Everything after cache_ent is zero'd when MR allocated */





	/* This is zero'd when the MR is allocated */

	union {

	union {

		/* Used only while the MR is in the cache */

		/* Used only while the MR is in the cache */

		struct {

		struct {
@@ -718,7 +718,7 @@ struct mlx5_ib_mr { 
/* Zero the fields in the mr that are variant depending on usage */

/* Zero the fields in the mr that are variant depending on usage */

static inline void mlx5_clear_mr(struct mlx5_ib_mr *mr)

static inline void mlx5_clear_mr(struct mlx5_ib_mr *mr)

{

{

	memset(mr->out, 0, sizeof(*mr) - offsetof(struct mlx5_ib_mr, out));

	memset_after(mr, 0, cache_ent);

}

}





static inline bool is_odp_mr(struct mlx5_ib_mr *mr)

static inline bool is_odp_mr(struct mlx5_ib_mr *mr)