The xprt_create_args structure is allocated on the stack without
initialization in rpc_sysfs_xprt_switch_add_xprt_store(). While some
fields are manually populated, critical fields like srcaddr, bc_xps,
and flags contain uninitialized stack garbage.

This can lead to:
1. Kernel panic when xs_setup_xprt() dereferences garbage srcaddr
2. Information leak if srcaddr points to sensitive stack data
3. Unpredictable behavior if flags has random bits set

The fix is to zero-initialize the structure to ensure all unused
fields are NULL/0, preventing the transport setup code from acting
on garbage data.

Cc: stable@vger.kernel.org
Suggested-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Hongling Zeng <zenghongling@kylinos.cn>
Signed-off-by: Anna Schumaker <anna.schumaker@hammerspace.com>
{
struct rpc_xprt_switch *xprt_switch =
rpc_sysfs_xprt_switch_kobj_get_xprt(kobj);
- struct xprt_create xprt_create_args;
+ struct xprt_create xprt_create_args = {};
struct rpc_xprt *xprt, *new;
if (!xprt_switch)
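Review bot: the commit message carries Cc: stable but no Fixes: tag, so nothing tells the stable maintainers how far back the `struct xprt_create xprt_create_args = {};` change has to be applied; add a Fixes: line naming the commit that introduced the uninitialized declaration. The empty initializer on the added line does zero srcaddr, bc_xps and flags as the message describes. Since the message says the remaining fields are populated by hand afterwards, consider moving those assignments into designated initializers at the declaration, so the set of deliberately filled fields is visible in one place and any member added to struct xprt_create later defaults to zero without anyone having to revisit this function.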