Copying to user space from the stack instead of slab cache cured a kernel oops that was toubling me.A
Signed-off-by: Bob Pearson <rpearson@xxxxxxx>
---
 drivers/infiniband/core/uverbs_std_types_qp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/uverbs_std_types_qp.c b/drivers/infiniband/core/uverbs_std_types_qp.c
index 3bf8dcdfe7eb..2f8b14003b95 100644
--- a/drivers/infiniband/core/uverbs_std_types_qp.c
+++ b/drivers/infiniband/core/uverbs_std_types_qp.c
@@ -98,6 +98,7 @@ static int UVERBS_HANDLER(UVERBS_METHOD_QP_CREATE)(
 struct ib_device *device;
 u64 user_handle;
 int ret;
+ int qp_num;
 ret = uverbs_copy_from_or_zero(&cap, attrs, UVERBS_ATTR_CREATE_QP_CAP);
@@ -293,9 +294,10 @@ static int UVERBS_HANDLER(UVERBS_METHOD_QP_CREATE)(
 if (ret)
 return ret;
+ /* copy from stack to avoid whitelisting issues */
+ qp_num = qp->qp_num;
 ret = uverbs_copy_to(attrs, UVERBS_ATTR_CREATE_QP_RESP_QP_NUM,
- &qp->qp_num,
- sizeof(qp->qp_num));
+ &qp_num, sizeof(qp_num));
 return ret;
 err_put:
-- 
2.25.1
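Review bot: The new local in the first hunk is declared `int qp_num`, although it exists only as a bounce copy of `qp->qp_num` for the user-space response. If that field is `u32`, as it is in `struct ib_qp`, the local should be `u32 qp_num;` so the bytes written to UVERBS_ATTR_CREATE_QP_RESP_QP_NUM keep the field's width and signedness instead of relying on `int` being 32 bits. The handler's body starts and ends outside this hunk, so the field's declaration is not visible here and should be confirmed.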
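Review bot: The comment added in the second hunk, `/* copy from stack to avoid whitelisting issues */`, does not name the check it works around, so a later cleanup could revert to passing `&qp->qp_num`. Going by the commit message the qp object sits in a slab cache, and presumably that cache has no usercopy region, so hardened usercopy rejects a direct copy from it. The comment should say so: `/* qp is slab-allocated without a usercopy region; bounce qp_num through the stack so hardened usercopy accepts it */`. The commit message should also carry the oops trace and name the driver that allocates the qp, because other handlers that copy a field straight from the same object would trip the same check. The handler's body continues outside the hunk.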