net/bpfilter: Initialize pos in __bpfilter_process_sockopt

__bpfilter_process_sockopt never initialized the pos variable passed to the pipe write. This has been mostly harmless in the past as pipes ignore the offset, but the switch to kernel_write now verified the position, which can lead to a failure depending on the exact stack initialization pattern. Initialize the variable to zero to make rw_verify_area happy. Fixes: 6955a76fbcd5 ("bpfilter: switch to kernel_write") Reported-by: Christian Brauner <[email protected]> Reported-by: Rodrigo Madera <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Tested-by: Rodrigo Madera <[email protected]> Tested-by: Christian Brauner <[email protected]> Reviewed-by: Christian Brauner <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
author: Christoph Hellwig <[email protected]> 2020-07-30 18:09:00 +0200
committer: Daniel Borkmann <[email protected]> 2020-07-31 01:07:32 +0200
commit: 4f010246b4087ab931b060481014ec110e6a8a46 (patch)
tree: e454d2a5f3dad27c81eaaba95127c681cdb6cce4
parent: 0ba58348414eb10249480635545758b40b3c33b6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c
index c0f0990f30b6..cfb27166bfd7 100644
--- a/net/bpfilter/bpfilter_kern.c
+++ b/net/bpfilter/bpfilter_kern.c
@@ -39,7 +39,7 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname,
 {
 	struct mbox_request req;
 	struct mbox_reply reply;
-	loff_t pos;
+	loff_t pos = 0;
 	ssize_t n;
 	int ret = -EFAULT;
author	Christoph Hellwig <[email protected]>	2020-07-30 18:09:00 +0200
committer	Daniel Borkmann <[email protected]>	2020-07-31 01:07:32 +0200
commit	4f010246b4087ab931b060481014ec110e6a8a46 (patch)
tree	e454d2a5f3dad27c81eaaba95127c681cdb6cce4
parent	0ba58348414eb10249480635545758b40b3c33b6 (diff)