On Mon, 18 Mar 2019 12:50:37 +0000 "Ruhl, Michael J" <michael.j.ruhl@xxxxxxxxx> wrote: > >@@ -391,6 +394,8 @@ static ssize_t ib_umad_read(struct file *filp, char > >__user *buf, > > else > > ret = copy_send_mad(file, buf, packet, count); > > > >+ trace_ib_umad_read(file, (struct ib_user_mad __user *)buf); > > buf is marked as __user. Doesn't that mean that you have to use > copy_from_user(), in order to be safe? Good catch. I believe you are correct. This patch looks to be broken. -- Steve > > > if (ret < 0) { > > /* Requeue packet */ > > mutex_lock(&file->mutex); > >@@ -508,6 +513,8 @@ static ssize_t ib_umad_write(struct file *filp, const char > >__user *buf, > >
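Review bot: In the ib_umad_read hunk, trace_ib_umad_read() is handed buf, which the function signature marks __user, so any field the trace event reads through that pointer is a direct kernel dereference of user memory. The cast to (struct ib_user_mad __user *) changes only the pointed-to type and leaves it a user pointer. Pass the kernel-side packet that is already in scope (the one given to copy_send_mad(file, buf, packet, count)) and have the event record from that. The alternative is to copy the header in with copy_from_user() before tracing, but userspace can rewrite buf after the copy-out, so the traced values would not be guaranteed to match what was delivered. The call also sits ahead of the if (ret < 0) requeue branch, so it fires for reads whose copy failed; move it after that check or record ret in the event.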