On 11/10/2013 8:19 PM, Yann Droneaud wrote:
In patch "IB/core: clarify overflow/underflow checks on ib_create/destroy_flow",
the meaning of the size field was modified to only represent
the size of the flow_spec appended to the flow_attr structure.
The size of the flow_attr structure must be added when
allocating memory for the whole flow_attr + flow_specs
buffer.
Signed-off-by: Yann Droneaud <[email protected]>
Link: http://marc.info/[email protected]
Link: http://mid.gmane.org/[email protected]
---
drivers/infiniband/core/uverbs_cmd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/uverbs_cmd.c
b/drivers/infiniband/core/uverbs_cmd.c
index 63c2700..3b732f6 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -2677,7 +2677,8 @@ ssize_t ib_uverbs_create_flow(struct ib_uverbs_file *file,
return -EINVAL;
if (cmd.flow_attr.num_of_specs) {
- kern_flow_attr =malloc(cmd.flow_attr.size, GFP_KERNEL);
+ kern_flow_attr =malloc(sizeof(*kern_flow_attr) +
cmd.flow_attr.size,
+ GFP_KERNEL);
if (!kern_flow_attr)
return -ENOMEM;
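Review bot: The new allocation size, sizeof(*kern_flow_attr) + cmd.flow_attr.size, adds a header size to a field taken from the user's command, and nothing in this hunk shows an upper bound on that field. Please confirm that the check ending in the `return -EINVAL` above limits cmd.flow_attr.size tightly enough that the sum cannot wrap. Any later copy into kern_flow_attr should use exactly the same total.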
@@ -2705,7 +2706,7 @@ ssize_t ib_uverbs_create_flow(struct ib_uverbs_file *file,
goto err_uobj;
}
- flow_attr =malloc(cmd.flow_attr.size, GFP_KERNEL);
+ flow_attr =malloc(sizeof(*flow_attr) + cmd.flow_attr.size, GFP_KERNEL);
if (!flow_attr) {
err =ENOMEM;
goto err_put;
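Review bot: The flow_attr allocation repeats the same header-plus-size arithmetic as the kern_flow_attr one, and the fact that cmd.flow_attr.size now covers only the appended specs is recorded only in the commit message. A one-line comment above `sizeof(*flow_attr) + cmd.flow_attr.size` stating that size excludes the header would keep the next caller from reintroducing the undersized buffer. Alternatively, a small helper could compute the total for both call sites.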
--
1.8.3.1
Hi,
Since this patch mainly fixes PATCH 1, I see no point in sending them as
2 different patches. Squashing them seems like a better idea.
Regards.