On Wed, 2005-05-18 at 19:04, Roland Dreier wrote: > This looks OK to check in with one small comment on the following: > > - if (copy_to_user(buf, &packet->mad, sizeof packet->mad)) > + if (copy_to_user(buf, &packet->mad, > + min(count, packet->length + > + sizeof (struct ib_user_mad)))) > ret = -EFAULT; > else > - ret = sizeof packet->mad; > + ret = count; > > This code will truncate a received MAD that is bigger than the buffer > passed into read(), but return the full size of the packet. I don't > think read() is allowed to do this: the return value can be at most > the count value passed in by the user. > > I think we have two options: truncate and return the actual amount of > data read to the user, or return an error if the user's buffer is too > small.
OK; I just reissued the patch with the real length transferred. Also in the case of too short buffer or a copy_to_user error, the packet is requeued. -- Hal _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
