On Mon, Feb 26, 2018 at 03:02:21PM +0200, Leon Romanovsky wrote:
> diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c
> index 8d2ee9322f2e..cd6b81ef4f5a 100644
> +++ b/drivers/infiniband/hw/mlx4/main.c
> @@ -584,8 +584,9 @@ static int mlx4_ib_query_device(struct ib_device *ibdev,
> sizeof(struct mlx4_wqe_data_seg);
> }
>
> - if (uhw->outlen >= resp.response_length + sizeof(resp.rss_caps)) {
> - resp.response_length += sizeof(resp.rss_caps);
> + if (uhw->outlen >= resp.response_length + sizeof(resp.rss_caps) +
> + sizeof(resp.reserved)) {
> + resp.response_length += sizeof(resp.rss_caps) + sizeof(resp.reserved);
> if (props->rss_caps.supported_qpts) {
> resp.rss_caps.rx_hash_function =
> MLX4_IB_RX_HASH_FUNC_TOEPLITZ;
This is a bug today even on 64 bit, although it seems basically
harmless because of the existing padding.
I assume this bug is why the missing padding was noticed?
Anyhow, can we please fix this sanely? Adding in the reserved just
seems so ugly and frail..
The field_avail macro approach in mlx5 is much better.
Maybe:
#define field_end(var, fld) (offsetof(typeof(*(var)),fld) + sizeof((var)->fld))
if (uhw->outlen >= field_end(resp, rss_caps)) {
resp.response_length = field_end(resp, rss_caps);
Thanks,
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
