diff options
author | Leon Romanovsky <leonro@mellanox.com> | 2018-02-21 19:12:40 +0300 |
---|---|---|
committer | Doug Ledford <dledford@redhat.com> | 2018-02-23 06:29:50 +0300 |
commit | e21719fbbd1786c09132e0483c72c136a61b79ed (patch) | |
tree | ba58fc3fb946a103fd7b4caaa3762ec70a4ab9a1 /drivers/infiniband/core/uverbs_main.c | |
parent | 491d5c6a3023e303cc693b91d9b3a4d54471c944 (diff) | |
download | linux-e21719fbbd1786c09132e0483c72c136a61b79ed.tar.xz |
RDMa/uverbs: Copy ex_hdr outside of SRCU read lock
The SRCU read lock protects the IB device pointer
and doesn't need to be called before copying user
provided header.
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Diffstat (limited to 'drivers/infiniband/core/uverbs_main.c')
-rw-r--r-- | drivers/infiniband/core/uverbs_main.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index ff70e1ead1ba..a23cf9e33b98 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -709,8 +709,12 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, (command != IB_USER_VERBS_CMD_GET_CONTEXT || extended)) return -EINVAL; - if (extended && count < (sizeof(hdr) + sizeof(ex_hdr))) - return -EINVAL; + if (extended) { + if (count < (sizeof(hdr) + sizeof(ex_hdr))) + return -EINVAL; + if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) + return -EFAULT; + } srcu_key = srcu_read_lock(&file->device->disassociate_srcu); ib_dev = srcu_dereference(file->device->ib_dev, @@ -740,11 +744,6 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, struct ib_udata uhw; size_t written_count = count; - if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) { - ret = -EFAULT; - goto out; - } - count -= sizeof(hdr) + sizeof(ex_hdr); buf += sizeof(hdr) + sizeof(ex_hdr); |