From 57761d8df8efc7cc1227f9bc22e0dda01b0dd91b Mon Sep 17 00:00:00 2001 From: Eli Cohen Date: Wed, 15 Jan 2014 14:56:44 +0200 Subject: [PATCH] IB/mlx5: Verify reserved fields are cleared Verify that reserved fields in struct mlx5_ib_resize_cq are cleared before continuing execution of the verb. This is required to allow making use of this area in future revisions. Signed-off-by: Yann Droneaud Signed-off-by: Eli Cohen Signed-off-by: Roland Dreier --- drivers/infiniband/hw/mlx5/cq.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/cq.c b/drivers/infiniband/hw/mlx5/cq.c index 50b03a8067e5..b1705ce6eb88 100644 --- a/drivers/infiniband/hw/mlx5/cq.c +++ b/drivers/infiniband/hw/mlx5/cq.c @@ -877,8 +877,12 @@ static int resize_user(struct mlx5_ib_dev *dev, struct mlx5_ib_cq *cq, int npages; struct ib_ucontext *context = cq->buf.umem->context; - if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd))) - return -EFAULT; + err = ib_copy_from_udata(&ucmd, udata, sizeof(ucmd)); + if (err) + return err; + + if (ucmd.reserved0 || ucmd.reserved1) + return -EINVAL; umem = ib_umem_get(context, ucmd.buf_addr, entries * ucmd.cqe_size, IB_ACCESS_LOCAL_WRITE, 1);