From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefan Metzmacher, "Paulo Alcantara (SUSE)", Ronnie Sahlberg, Steve French
Subject: [PATCH 5.15 19/45] cifs: always initialize struct msghdr smb_msg completely
Date: Wed, 21 Sep 2022 17:46:09 +0200
Message-Id: <20220921153647.511044620@linuxfoundation.org>
In-Reply-To: <20220921153646.931277075@linuxfoundation.org>
References: <20220921153646.931277075@linuxfoundation.org>
Content-Transfer-Encoding: quoted-printable

From: Stefan Metzmacher

commit bedc8f76b3539ac4f952114b316bcc2251e808ce upstream.

So far we were just lucky because the uninitialized members of struct msghdr are not used by default on a SOCK_STREAM tcp socket.

But as new things like msg_ubuf and sg_from_iter were added recently, we should play on the safe side and avoid potential problems in future.

Signed-off-by: Stefan Metzmacher
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE)
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman

--- fs/cifs/connect.c | 11 +++-------- fs/cifs/transport.c | 6 +----- 2 files changed, 4 insertions(+), 13 deletions(-) --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -519,9 +519,6 @@ cifs_readv_from_socket(struct TCP_Server int length =3D 0; int total_read; =20 - smb_msg->msg_control =3D NULL; - smb_msg->msg_controllen =3D 0; - for (total_read =3D 0; msg_data_left(smb_msg); total_read +=3D length) { try_to_freeze(); =20 @@ -572,7 +569,7 @@ int cifs_read_from_socket(struct TCP_Server_Info *server, char *buf, unsigned int to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; struct kvec iov =3D {.iov_base =3D buf, .iov_len =3D to_read}; iov_iter_kvec(&smb_msg.msg_iter, READ, &iov, 1, to_read); =20 
@@ -582,15 +579,13 @@ cifs_read_from_socket(struct TCP_Server_ ssize_t cifs_discard_from_socket(struct TCP_Server_Info *server, size_t to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; =20 /* * iov_iter_discard already sets smb_msg.type and count and iov_offset * and cifs_readv_from_socket sets msg_control and msg_controllen * so little to initialize in struct msghdr */ - smb_msg.msg_name =3D NULL; - smb_msg.msg_namelen =3D 0; iov_iter_discard(&smb_msg.msg_iter, READ, to_read); =20 return cifs_readv_from_socket(server, &smb_msg); @@ -600,7 +595,7 @@ int cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *pa= ge, unsigned int page_offset, unsigned int to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; struct bio_vec bv =3D { .bv_page =3D page, .bv_len =3D to_read, .bv_offset =3D page_offset}; iov_iter_bvec(&smb_msg.msg_iter, READ, &bv, 1, to_read); --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -196,10 +196,6 @@ smb_send_kvec(struct TCP_Server_Info *se =20 *sent =3D 0; =20 - smb_msg->msg_name =3D NULL; - smb_msg->msg_namelen =3D 0; - smb_msg->msg_control =3D NULL; - smb_msg->msg_controllen =3D 0; if (server->noblocksnd) smb_msg->msg_flags =3D MSG_DONTWAIT + MSG_NOSIGNAL; else @@ -311,7 +307,7 @@ __smb_send_rqst(struct TCP_Server_Info * sigset_t mask, oldmask; size_t total_len =3D 0, sent, size; struct socket *ssocket =3D server->ssocket; - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; __be32 rfc1002_marker; =20 if (cifs_rdma_enabled(server)) {
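
Review bot: in the first fs/cifs/connect.c hunk (cifs_readv_from_socket), removing the msg_control and msg_controllen resets leaves the helper with an undocumented precondition that the caller passes in a fully initialized msghdr. The three callers visible in this file are converted to "struct msghdr smb_msg = {};", but the helper only receives a pointer and nothing at its top says so. A short comment above the for loop stating that smb_msg must be zero-initialized by the caller would keep a later caller from reintroducing the uninitialized-member read this patch is closing.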
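
Review bot: in the cifs_discard_from_socket hunk, the block comment kept as context is now wrong. It still says "cifs_readv_from_socket sets msg_control and msg_controllen so little to initialize in struct msghdr", yet this same patch deletes those two assignments from cifs_readv_from_socket and relies on "= {}" instead. Please update the comment to describe the zero initialization, or drop the second half of it, so the next reader does not assume the callee still clears those fields.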
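
Review bot: in the smb_send_kvec hunk of fs/cifs/transport.c, the four removed assignments ran on every call, while the replacement "struct msghdr smb_msg = {};" in __smb_send_rqst runs once per request. If smb_send_kvec is invoked more than once on the same smb_msg, the change is only equivalent as long as nothing in the send path writes msg_name, msg_namelen, msg_control or msg_controllen between calls. The commit message should say that this was checked, and smb_send_kvec should carry a comment that it expects a zero-initialized msghdr, since __smb_send_rqst is the only caller shown being converted here.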