On Thu, Dec 20, 2018 at 11:37:54AM -0800, Steve Wise wrote: > We now use dev_name(&ib_device->dev) instead of ib_device->name in > iwpm messages. The name field in struct device is a const char *, > where as ib_device->name is a char array of size IB_DEVICE_NAME_MAX, > and it is pre-initialized to zeros. > > Since iw_cm_map() was using memcpy() to copy in the device name, and > copying IWPM_DEVNAME_SIZE bytes, it ends up copying past the device > name string and getting random bytes. This results in iwpmd failing > the REGISTER_PID request from iwcm. Thus port mapping is broken. > > The fix is to initialize the iwpm_dev_data message memory to zeros, > and then strcopy() to avoid copying past the end of the dev_name() string. The fix is to return failure if the name is too long to be held in the iwpm_dev_data... Jason
