Thread (676 messages) 676 messages, 24 authors, 2025-08-17
STALE317d

[PATCH 6.16 079/627] staging: gpib: fix unset padding field copy back to userspace

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2025-08-12 18:30:36
Also in: linux-patches
Subsystem: staging subsystem, the rest · Maintainers: Greg Kroah-Hartman, Linus Torvalds

6.16-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Colin Ian King <redacted>

[ Upstream commit a739d3b13bff0dfa1aec679d08c7062131a2a425 ]

The introduction of a padding field in the gpib_board_info_ioctl is
showing up as initialized data on the stack frame being copyied back
to userspace in function board_info_ioctl. The simplest fix is to
initialize the entire struct to zero to ensure all unassigned padding
fields are zero'd before being copied back to userspace.

Signed-off-by: Colin Ian King <redacted>
Fixes: 9dde4559e939 ("staging: gpib: Add GPIB common core driver")
Signed-off-by: Dan Carpenter <redacted>
Link: https://lore.kernel.org/r/20250623220958.280424-1-colin.i.king@gmail.com (local)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/gpib/common/gpib_os.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/gpib/common/gpib_os.c b/drivers/staging/gpib/common/gpib_os.c
index a193d64db033..93ef5f6ce249 100644
--- a/drivers/staging/gpib/common/gpib_os.c
+++ b/drivers/staging/gpib/common/gpib_os.c
@@ -1774,7 +1774,7 @@ static int query_board_rsv_ioctl(struct gpib_board *board, unsigned long arg)
 
 static int board_info_ioctl(const struct gpib_board *board, unsigned long arg)
 {
-	struct gpib_board_info_ioctl info;
+	struct gpib_board_info_ioctl info = { };
 	int retval;
 
 	info.pad = board->pad;
-- 
2.39.5


Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help