struct pvrdma_create_srq was introduced when the driver was first merged but was never used. At that point it had only buf_addr. Later when SRQ was introduced the struct was expanded. So unlike the other cases that grab the first struct member based on git blame this uses the entire struct.
Signed-off-by: Jason Gunthorpe <[email protected]> --- drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c index b3df6eb9b8eff6..bc3adcc1ae67c2 100644 --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c @@ -134,10 +134,9 @@ int pvrdma_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr, cq->is_kernel = !udata; if (!cq->is_kernel) { - if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd))) { - ret = -EFAULT; + ret = ib_copy_validate_udata_in(udata, ucmd, reserved); + if (ret) goto err_cq; - } cq->umem = ib_umem_get(ibdev, ucmd.buf_addr, ucmd.buf_size, IB_ACCESS_LOCAL_WRITE); -- 2.43.0
