diff options
author | Leon Romanovsky <leonro@mellanox.com> | 2018-02-21 18:12:40 +0200 |
---|---|---|
committer | Doug Ledford <dledford@redhat.com> | 2018-02-22 22:29:50 -0500 |
commit | e21719fbbd1786c09132e0483c72c136a61b79ed (patch) | |
tree | ba58fc3fb946a103fd7b4caaa3762ec70a4ab9a1 /drivers/infiniband/core | |
parent | RDMA/uverbs: Move uncontext check before SRCU read lock (diff) | |
download | linux-dev-e21719fbbd1786c09132e0483c72c136a61b79ed.tar.xz linux-dev-e21719fbbd1786c09132e0483c72c136a61b79ed.zip |
RDMa/uverbs: Copy ex_hdr outside of SRCU read lock
The SRCU read lock protects the IB device pointer
and doesn't need to be called before copying user
provided header.
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Diffstat (limited to 'drivers/infiniband/core')
-rw-r--r-- | drivers/infiniband/core/uverbs_main.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index ff70e1ead1ba..a23cf9e33b98 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -709,8 +709,12 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, (command != IB_USER_VERBS_CMD_GET_CONTEXT || extended)) return -EINVAL; - if (extended && count < (sizeof(hdr) + sizeof(ex_hdr))) - return -EINVAL; + if (extended) { + if (count < (sizeof(hdr) + sizeof(ex_hdr))) + return -EINVAL; + if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) + return -EFAULT; + } srcu_key = srcu_read_lock(&file->device->disassociate_srcu); ib_dev = srcu_dereference(file->device->ib_dev, @@ -740,11 +744,6 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, struct ib_udata uhw; size_t written_count = count; - if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) { - ret = -EFAULT; - goto out; - } - count -= sizeof(hdr) + sizeof(ex_hdr); buf += sizeof(hdr) + sizeof(ex_hdr); |