From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefan Metzmacher, "Paulo Alcantara (SUSE)", Ronnie Sahlberg, Steve French, Sasha Levin
Subject: [PATCH 5.10 125/141] cifs: always initialize struct msghdr smb_msg completely
Date: Mon, 26 Sep 2022 12:12:31 +0200
Message-Id: <20220926100758.986193625@linuxfoundation.org>
In-Reply-To: <20220926100754.639112000@linuxfoundation.org>
References: <20220926100754.639112000@linuxfoundation.org>

From: Stefan Metzmacher

[ Upstream commit bedc8f76b3539ac4f952114b316bcc2251e808ce ]

So far we were just lucky because the uninitialized members of struct msghdr are not used by default on a SOCK_STREAM tcp socket.

But as new things like msg_ubuf and sg_from_iter were added recently, we should play on the safe side and avoid potential problems in future.

Signed-off-by: Stefan Metzmacher
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE)
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Steve French
Signed-off-by: Sasha Levin

--- fs/cifs/connect.c | 11 +++-------- fs/cifs/transport.c | 6 +----- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 6e7d5b9e84b8..d1c3086d7ddd 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -695,9 +695,6 @@ cifs_readv_from_socket(struct TCP_Server_Info *server, = struct msghdr *smb_msg) int length =3D 0; int total_read; =20 - smb_msg->msg_control =3D NULL; - smb_msg->msg_controllen =3D 0; - for (total_read =3D 0; msg_data_left(smb_msg); total_read +=3D length) { try_to_freeze(); =20 
@@ -748,7 +745,7 @@ int cifs_read_from_socket(struct TCP_Server_Info *server, char *buf, unsigned int to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; struct kvec iov =3D {.iov_base =3D buf, .iov_len =3D to_read}; iov_iter_kvec(&smb_msg.msg_iter, READ, &iov, 1, to_read); =20 @@ -758,15 +755,13 @@ cifs_read_from_socket(struct TCP_Server_Info *server,= char *buf, ssize_t cifs_discard_from_socket(struct TCP_Server_Info *server, size_t to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; =20 /* * iov_iter_discard already sets smb_msg.type and count and iov_offset * and cifs_readv_from_socket sets msg_control and msg_controllen * so little to initialize in struct msghdr */ - smb_msg.msg_name =3D NULL; - smb_msg.msg_namelen =3D 0; iov_iter_discard(&smb_msg.msg_iter, READ, to_read); =20 return cifs_readv_from_socket(server, &smb_msg); @@ -776,7 +771,7 @@ int cifs_read_page_from_socket(struct TCP_Server_Info *server, struct page *pa= ge, unsigned int page_offset, unsigned int to_read) { - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; struct bio_vec bv =3D { .bv_page =3D page, .bv_len =3D to_read, .bv_offset =3D page_offset}; iov_iter_bvec(&smb_msg.msg_iter, READ, &bv, 1, to_read); diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 383ae8744c33..b137006f0fd2 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -209,10 +209,6 @@ smb_send_kvec(struct TCP_Server_Info *server, struct m= sghdr *smb_msg, =20 *sent =3D 0; =20 - smb_msg->msg_name =3D NULL; - smb_msg->msg_namelen =3D 0; - smb_msg->msg_control =3D NULL; - smb_msg->msg_controllen =3D 0; if (server->noblocksnd) smb_msg->msg_flags =3D MSG_DONTWAIT + MSG_NOSIGNAL; else 
@@ -324,7 +320,7 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num= _rqst, sigset_t mask, oldmask; size_t total_len =3D 0, sent, size; struct socket *ssocket =3D server->ssocket; - struct msghdr smb_msg; + struct msghdr smb_msg =3D {}; __be32 rfc1002_marker; =20 if (cifs_rdma_enabled(server)) { --=20 2.35.1
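Review bot: In the cifs_discard_from_socket() hunk the retained comment still reads "and cifs_readv_from_socket sets msg_control and msg_controllen so little to initialize in struct msghdr", but the first connect.c hunk of this same patch deletes exactly those two assignments, so the comment now describes code that no longer exists. Reword it to say that the `= {}` initializer zeroes the whole struct and iov_iter_discard fills in msg_iter, or drop the stale lines.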
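Review bot: The callee-side removals in cifs_readv_from_socket() (msg_control, msg_controllen) and smb_send_kvec() (msg_name, msg_namelen, msg_control, msg_controllen) leave an undocumented precondition: both functions take smb_msg by pointer and now rely on the caller having zeroed it. The four callers converted to `struct msghdr smb_msg = {}` in this patch satisfy that, but neither function says so. A one-line comment above each stating that the msghdr must be zero-initialised by the caller would keep a later caller with a plain stack `struct msghdr` from handing uninitialised stack contents to the socket layer.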