On 21/10/2015 16:46, eran ben elisha wrote: >>> +ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, >>> >> + struct ib_device *ib_dev, >>> >> + const char __user *buf, int in_len, >>> >> + int out_len) >>> >> +{ >>> >> + struct ib_uverbs_create_qp cmd; >>> >> + struct ib_uverbs_ex_create_qp cmd_ex; >>> >> + struct ib_udata ucore; >>> >> + struct ib_udata uhw; >>> >> + ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp); >>> >> + int err; >> > >> > I would expect a check here that in_len >= sizeof(cmd). But I see the >> > previous code didn't have it either. Any reason adding the check would >> > break user-space? > This patch just refactor in ib_uverbs_create_qp and doesn't change any > of it's logic or fix any bug. we can consider such a fix for the > future. Fair enough. Haggai -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html