mirror of
https://github.com/torvalds/linux.git
synced 2026-06-05 04:56:13 +02:00
RDMA: Use ib_copy_validate_udata_in() for implicit full structs
All of these cases have git blames that say the entire current struct was introduced at once, so the last member is the right choice. Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
This commit is contained in:
Jason Gunthorpe
Leon Romanovsky
parent
e910d98dc4
commit
54b3bce972
|
|
@ -1039,8 +1039,7 @@ int erdma_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *attrs,
|
|||
qp->attrs.rq_size = roundup_pow_of_two(attrs->cap.max_recv_wr);
|
||||
|
||||
if (uctx) {
|
||||
ret = ib_copy_from_udata(&ureq, udata,
|
||||
min(sizeof(ureq), udata->inlen));
|
||||
ret = ib_copy_validate_udata_in(udata, ureq, rsvd0);
|
||||
if (ret)
|
||||
goto err_out_xa;
|
||||
|
||||
|
|
@ -1980,8 +1979,7 @@ int erdma_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
|
|||
struct erdma_ureq_create_cq ureq;
|
||||
struct erdma_uresp_create_cq uresp;
|
||||
|
||||
ret = ib_copy_from_udata(&ureq, udata,
|
||||
min(udata->inlen, sizeof(ureq)));
|
||||
ret = ib_copy_validate_udata_in(udata, ureq, rsvd0);
|
||||
if (ret)
|
||||
goto err_out_xa;
|
||||
|
||||
|
|
|
|||
|
|
@ -373,7 +373,7 @@ int ionic_alloc_ucontext(struct ib_ucontext *ibctx, struct ib_udata *udata)
|
|||
phys_addr_t db_phys = 0;
|
||||
int rc;
|
||||
|
||||
rc = ib_copy_from_udata(&req, udata, sizeof(req));
|
||||
rc = ib_copy_validate_udata_in(udata, req, rsvd);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
|
|
@ -1225,7 +1225,7 @@ int ionic_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
|
|||
int udma_idx = 0, rc;
|
||||
|
||||
if (udata) {
|
||||
rc = ib_copy_from_udata(&req, udata, sizeof(req));
|
||||
rc = ib_copy_validate_udata_in(udata, req, rsvd);
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
|
|
@ -2154,7 +2154,7 @@ int ionic_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *attr,
|
|||
int rc;
|
||||
|
||||
if (udata) {
|
||||
rc = ib_copy_from_udata(&req, udata, sizeof(req));
|
||||
rc = ib_copy_validate_udata_in(udata, req, rsvd);
|
||||
if (rc)
|
||||
return rc;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -402,8 +402,9 @@ static int mthca_create_srq(struct ib_srq *ibsrq,
|
|||
return -EOPNOTSUPP;
|
||||
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd)))
|
||||
return -EFAULT;
|
||||
err = ib_copy_validate_udata_in(udata, ucmd, db_page);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = mthca_map_user_db(to_mdev(ibsrq->device), &context->uar,
|
||||
context->db_tab, ucmd.db_index,
|
||||
|
|
@ -472,8 +473,9 @@ static int mthca_create_qp(struct ib_qp *ibqp,
|
|||
case IB_QPT_UD:
|
||||
{
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd)))
|
||||
return -EFAULT;
|
||||
err = ib_copy_validate_udata_in(udata, ucmd, rq_db_index);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = mthca_map_user_db(dev, &context->uar,
|
||||
context->db_tab,
|
||||
|
|
@ -594,8 +596,9 @@ static int mthca_create_cq(struct ib_cq *ibcq,
|
|||
return -EINVAL;
|
||||
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd)))
|
||||
return -EFAULT;
|
||||
err = ib_copy_validate_udata_in(udata, ucmd, set_db_index);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = mthca_map_user_db(to_mdev(ibdev), &context->uar,
|
||||
context->db_tab, ucmd.set_db_index,
|
||||
|
|
@ -721,10 +724,9 @@ static int mthca_resize_cq(struct ib_cq *ibcq, unsigned int entries,
|
|||
goto out;
|
||||
lkey = cq->resize_buf->buf.mr.ibmr.lkey;
|
||||
} else {
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof ucmd)) {
|
||||
ret = -EFAULT;
|
||||
ret = ib_copy_validate_udata_in(udata, ucmd, reserved);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
lkey = ucmd.lkey;
|
||||
}
|
||||
|
||||
|
|
@ -852,8 +854,11 @@ static struct ib_mr *mthca_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
|
|||
}
|
||||
++context->reg_mr_warned;
|
||||
ucmd.mr_attrs = 0;
|
||||
} else if (ib_copy_from_udata(&ucmd, udata, sizeof ucmd))
|
||||
return ERR_PTR(-EFAULT);
|
||||
} else {
|
||||
err = ib_copy_validate_udata_in(udata, ucmd, reserved);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
}
|
||||
|
||||
mr = kmalloc_obj(*mr);
|
||||
if (!mr)
|
||||
|
|
|
|||
|
|
@ -982,8 +982,9 @@ int ocrdma_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
|
|||
return -EOPNOTSUPP;
|
||||
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ureq, udata, sizeof(ureq)))
|
||||
return -EFAULT;
|
||||
status = ib_copy_validate_udata_in(udata, ureq, rsvd);
|
||||
if (status)
|
||||
return status;
|
||||
} else
|
||||
ureq.dpp_cq = 0;
|
||||
|
||||
|
|
@ -1309,8 +1310,9 @@ int ocrdma_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *attrs,
|
|||
|
||||
memset(&ureq, 0, sizeof(ureq));
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ureq, udata, sizeof(ureq)))
|
||||
return -EFAULT;
|
||||
status = ib_copy_validate_udata_in(udata, ureq, rsvd1);
|
||||
if (status)
|
||||
return status;
|
||||
}
|
||||
ocrdma_set_qp_init_params(qp, pd, attrs);
|
||||
if (udata == NULL)
|
||||
|
|
|
|||
|
|
@ -273,12 +273,9 @@ int qedr_alloc_ucontext(struct ib_ucontext *uctx, struct ib_udata *udata)
|
|||
return -EFAULT;
|
||||
|
||||
if (udata->inlen) {
|
||||
rc = ib_copy_from_udata(&ureq, udata,
|
||||
min(sizeof(ureq), udata->inlen));
|
||||
if (rc) {
|
||||
DP_ERR(dev, "Problem copying data from user space\n");
|
||||
return -EFAULT;
|
||||
}
|
||||
rc = ib_copy_validate_udata_in(udata, ureq, reserved);
|
||||
if (rc)
|
||||
return rc;
|
||||
ctx->edpm_mode = !!(ureq.context_flags &
|
||||
QEDR_ALLOC_UCTX_EDPM_MODE);
|
||||
ctx->db_rec = !!(ureq.context_flags & QEDR_ALLOC_UCTX_DB_REC);
|
||||
|
|
@ -949,12 +946,9 @@ int qedr_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
|
|||
db_offset = DB_ADDR_SHIFT(DQ_PWM_OFFSET_UCM_RDMA_CQ_CONS_32BIT);
|
||||
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ureq, udata, min(sizeof(ureq),
|
||||
udata->inlen))) {
|
||||
DP_ERR(dev,
|
||||
"create cq: problem copying data from user space\n");
|
||||
goto err0;
|
||||
}
|
||||
rc = ib_copy_validate_udata_in(udata, ureq, len);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
if (!ureq.len) {
|
||||
DP_ERR(dev,
|
||||
|
|
@ -1575,12 +1569,9 @@ int qedr_create_srq(struct ib_srq *ibsrq, struct ib_srq_init_attr *init_attr,
|
|||
hw_srq->max_sges = init_attr->attr.max_sge;
|
||||
|
||||
if (udata) {
|
||||
if (ib_copy_from_udata(&ureq, udata, min(sizeof(ureq),
|
||||
udata->inlen))) {
|
||||
DP_ERR(dev,
|
||||
"create srq: problem copying data from user space\n");
|
||||
goto err0;
|
||||
}
|
||||
rc = ib_copy_validate_udata_in(udata, ureq, srq_len);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = qedr_init_srq_user_params(udata, srq, &ureq, 0);
|
||||
if (rc)
|
||||
|
|
@ -1860,12 +1851,9 @@ static int qedr_create_user_qp(struct qedr_dev *dev,
|
|||
}
|
||||
|
||||
if (udata) {
|
||||
rc = ib_copy_from_udata(&ureq, udata, min(sizeof(ureq),
|
||||
udata->inlen));
|
||||
if (rc) {
|
||||
DP_ERR(dev, "Problem copying data from user space\n");
|
||||
rc = ib_copy_validate_udata_in(udata, ureq, rq_len);
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
if (qedr_qp_has_sq(qp)) {
|
||||
|
|
|
|||
|
|
@ -476,7 +476,7 @@ int usnic_ib_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *init_attr,
|
|||
if (init_attr->create_flags)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
err = ib_copy_from_udata(&cmd, udata, sizeof(cmd));
|
||||
err = ib_copy_validate_udata_in(udata, cmd, spec);
|
||||
if (err) {
|
||||
usnic_err("%s: cannot copy udata for create_qp\n",
|
||||
dev_name(&us_ibdev->ib_dev.dev));
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@
|
|||
#include <rdma/ib_addr.h>
|
||||
#include <rdma/ib_smi.h>
|
||||
#include <rdma/ib_user_verbs.h>
|
||||
#include <rdma/uverbs_ioctl.h>
|
||||
|
||||
#include "pvrdma.h"
|
||||
|
||||
|
|
@ -252,10 +253,9 @@ int pvrdma_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *init_attr,
|
|||
dev_dbg(&dev->pdev->dev,
|
||||
"create queuepair from user space\n");
|
||||
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd))) {
|
||||
ret = -EFAULT;
|
||||
ret = ib_copy_validate_udata_in(udata, ucmd, qp_addr);
|
||||
if (ret)
|
||||
goto err_qp;
|
||||
}
|
||||
|
||||
/* Userspace supports qpn and qp handles? */
|
||||
if (dev->dsr_version >= PVRDMA_QPHANDLE_VERSION &&
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@
|
|||
#include <rdma/ib_addr.h>
|
||||
#include <rdma/ib_smi.h>
|
||||
#include <rdma/ib_user_verbs.h>
|
||||
#include <rdma/uverbs_ioctl.h>
|
||||
|
||||
#include "pvrdma.h"
|
||||
|
||||
|
|
@ -141,10 +142,9 @@ int pvrdma_create_srq(struct ib_srq *ibsrq, struct ib_srq_init_attr *init_attr,
|
|||
dev_dbg(&dev->pdev->dev,
|
||||
"create shared receive queue from user space\n");
|
||||
|
||||
if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd))) {
|
||||
ret = -EFAULT;
|
||||
ret = ib_copy_validate_udata_in(udata, ucmd, reserved);
|
||||
if (ret)
|
||||
goto err_srq;
|
||||
}
|
||||
|
||||
srq->umem = ib_umem_get(ibsrq->device, ucmd.buf_addr, ucmd.buf_size, 0);
|
||||
if (IS_ERR(srq->umem)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user