Commit e21719fb authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Doug Ledford
Browse files

RDMa/uverbs: Copy ex_hdr outside of SRCU read lock 



The SRCU read lock protects the IB device pointer
and doesn't need to be called before copying user
provided header.

Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
parent 491d5c6a

drivers/infiniband/core/uverbs_main.c

+6 −7
Original line number Diff line number Diff line
@@ -709,8 +709,12 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, 
	    (command != IB_USER_VERBS_CMD_GET_CONTEXT || extended))

		return -EINVAL;



	if (extended && count < (sizeof(hdr) + sizeof(ex_hdr)))

	if (extended) {

		if (count < (sizeof(hdr) + sizeof(ex_hdr)))

			return -EINVAL;

		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr)))

			return -EFAULT;

	}



	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);

	ib_dev = srcu_dereference(file->device->ib_dev,
@@ -740,11 +744,6 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, 
		struct ib_udata uhw;

		size_t written_count = count;



		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) {

			ret = -EFAULT;

			goto out;

		}



		count -= sizeof(hdr) + sizeof(ex_hdr);

		buf += sizeof(hdr) + sizeof(ex_hdr);

CRA Git | Maintained and supported by SUSTech CRA and CCSE