Zero-initialize the tc_gate dump struct to avoid leaking padding bytes to userspace. Without clearing the struct, uninitialized stack padding can be copied into the netlink reply during action dumps.
Fixes: a51c328df310 ("net: qos: introduce a gate control flow action")
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moses
---
 net/sched/act_gate.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/net/sched/act_gate.c b/net/sched/act_gate.c
index 3ee07c3deaf97..ff963c165de90 100644
--- a/net/sched/act_gate.c
+++ b/net/sched/act_gate.c
@@ -656,17 +656,16 @@ static int tcf_gate_dump(struct sk_buff *skb, struct tc_action *a,
 {
 unsigned char *b = skb_tail_pointer(skb);
 struct tcf_gate *gact = to_gate(a);
- struct tc_gate opt = {
- .index = gact->tcf_index,
- .refcnt = refcount_read(&gact->tcf_refcnt) - ref,
- .bindcnt = atomic_read(&gact->tcf_bindcnt) - bind,
- };
+ struct tc_gate opt = { };
 struct tcfg_gate_entry *entry;
 struct tcf_gate_params *p;
 struct nlattr *entry_list;
 struct tcf_t t;
 
 spin_lock_bh(&gact->tcf_lock);
+ opt.index = gact->tcf_index;
+ opt.refcnt = refcount_read(&gact->tcf_refcnt) - ref;
+ opt.bindcnt = atomic_read(&gact->tcf_bindcnt) - bind;
 opt.action = gact->tcf_action;
 
 p = rcu_dereference_protected(gact->param,
-- 
2.52.GIT
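Review bot: The new `struct tc_gate opt = { };` is not guaranteed by the C language to clear the padding bytes of an automatic object, so on its own it does not deliver what the commit message promises. The removed designated initializer already zeroed every member it did not name, which leaves padding as the only thing at stake, and whether an empty-brace initializer clears padding depends on the compiler and build options. For a struct that the description says ends up in a netlink reply, declaring `struct tc_gate opt;` and calling `memset(&opt, 0, sizeof(opt));` before the field assignments states the intent unambiguously. The hunk also moves the `index`, `refcnt` and `bindcnt` reads under `tcf_lock` without the description saying why. tcf_gate_dump's body continues past the end of the hunk, so the copy into the skb is not visible here.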