leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1d784b890c
linux/drivers/infiniband
History
Mike Marciniszyn 1d784b890c IB/core: Fix user mode post wr corruption 
Commit e622f2f4ad ("IB: split struct ib_send_wr")
introduced a regression for HCAs whose user mode post
sends go through ib_uverbs_post_send().

The code didn't account for the fact that the first sge is
offset by an operation dependent length.  The allocation did,
but the pointer to the destination sge list is computed without
that knowledge.  The sge list copy_from_user() then corrupts
fields in the work request

Store the operation dependent length in a local variable and
compute the sge list copy_from_user() destination using that length.

Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2015-12-07 16:22:14 -05:00
..
core IB/core: Fix user mode post wr corruption 2015-12-07 16:22:14 -05:00
hw IB/qib: Fix qib_mr structure 2015-12-07 16:22:14 -05:00
ulp SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
Kconfig IB/ehca: Deprecate driver, move to staging, schedule deletion 2015-09-11 18:13:35 -04:00
Makefile IB: Allow build of hw/ and ulp/ subdirectories independently 2014-06-02 14:51:12 -07:00