queue-5.10/rnbd-srv-zero-the-rsp-buffer-before-using-it.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 1eed435c3c9dbf30b1815a51b97a246905de7df6 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Fri, 5 Dec 2025 13:47:33 +0100
 Subject: rnbd-srv: Zero the rsp buffer before using it

 From: Md Haris Iqbal <haris.iqbal@ionos.com>

 [ Upstream commit 69d26698e4fd44935510553809007151b2fe4db5 ]

 Before using the data buffer to send back the response message, zero it
 completely. This prevents any stray bytes to be picked up by the client
 side when there the message is exchanged between different protocol
 versions.

 Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
 Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
 Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
 Signed-off-by: Jens Axboe <axboe@kernel.dk>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  drivers/block/rnbd/rnbd-srv.c | 3 +++
  1 file changed, 3 insertions(+)

 diff --git a/drivers/block/rnbd/rnbd-srv.c b/drivers/block/rnbd/rnbd-srv.c
 index 9c5d52335e17c..6bec309719066 100644
 --- a/drivers/block/rnbd/rnbd-srv.c
 +++ b/drivers/block/rnbd/rnbd-srv.c
 @@ -535,6 +535,8 @@ static void rnbd_srv_fill_msg_open_rsp(struct rnbd_msg_open_rsp *rsp,
  {
  	struct rnbd_dev *rnbd_dev = sess_dev->rnbd_dev;

 +	memset(rsp, 0, sizeof(*rsp));
 +
  	rsp->hdr.type = cpu_to_le16(RNBD_MSG_OPEN_RSP);
  	rsp->device_id =
  		cpu_to_le32(sess_dev->device_id);
 @@ -649,6 +651,7 @@ static int process_msg_sess_info(struct rtrs_srv *rtrs,
  		 srv_sess->sessname, srv_sess->ver,
  		 sess_info_msg->ver, RNBD_PROTO_VER_MAJOR);

 +	memset(rsp, 0, sizeof(*rsp));
  	rsp->hdr.type = cpu_to_le16(RNBD_MSG_SESS_INFO_RSP);
  	rsp->ver = srv_sess->ver;

 --
 2.51.0
	From 1eed435c3c9dbf30b1815a51b97a246905de7df6 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Fri, 5 Dec 2025 13:47:33 +0100
	Subject: rnbd-srv: Zero the rsp buffer before using it

	From: Md Haris Iqbal <haris.iqbal@ionos.com>

	[ Upstream commit 69d26698e4fd44935510553809007151b2fe4db5 ]

	Before using the data buffer to send back the response message, zero it
	completely. This prevents any stray bytes to be picked up by the client
	side when there the message is exchanged between different protocol
	versions.

	Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
	Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
	Signed-off-by: Grzegorz Prajsner <grzegorz.prajsner@ionos.com>
	Signed-off-by: Jens Axboe <axboe@kernel.dk>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	drivers/block/rnbd/rnbd-srv.c \| 3 +++
	1 file changed, 3 insertions(+)

	diff --git a/drivers/block/rnbd/rnbd-srv.c b/drivers/block/rnbd/rnbd-srv.c
	index 9c5d52335e17c..6bec309719066 100644
	--- a/drivers/block/rnbd/rnbd-srv.c
	+++ b/drivers/block/rnbd/rnbd-srv.c
	@@ -535,6 +535,8 @@ static void rnbd_srv_fill_msg_open_rsp(struct rnbd_msg_open_rsp *rsp,
	{
	struct rnbd_dev *rnbd_dev = sess_dev->rnbd_dev;

	+ memset(rsp, 0, sizeof(*rsp));
	+
	rsp->hdr.type = cpu_to_le16(RNBD_MSG_OPEN_RSP);
	rsp->device_id =
	cpu_to_le32(sess_dev->device_id);
	@@ -649,6 +651,7 @@ static int process_msg_sess_info(struct rtrs_srv *rtrs,
	srv_sess->sessname, srv_sess->ver,
	sess_info_msg->ver, RNBD_PROTO_VER_MAJOR);

	+ memset(rsp, 0, sizeof(*rsp));
	rsp->hdr.type = cpu_to_le16(RNBD_MSG_SESS_INFO_RSP);
	rsp->ver = srv_sess->ver;

	--
	2.51.0