IB/mlx5: Verify reserved fields are cleared
authorEli Cohen <eli@dev.mellanox.co.il>
Wed, 15 Jan 2014 12:56:44 +0000 (14:56 +0200)
committerRoland Dreier <roland@purestorage.com>
Thu, 23 Jan 2014 07:23:54 +0000 (23:23 -0800)
Verify that reserved fields in struct mlx5_ib_resize_cq are cleared
before continuing execution of the verb. This is required to allow
making use of this area in future revisions.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
drivers/infiniband/hw/mlx5/cq.c

index 50b03a8067e511c1bb07436685229e30a8e6515e..b1705ce6eb88bcf351201495a7f9f0d2ffa275d7 100644 (file)
@@ -877,8 +877,12 @@ static int resize_user(struct mlx5_ib_dev *dev, struct mlx5_ib_cq *cq,
        int npages;
        struct ib_ucontext *context = cq->buf.umem->context;
 
-       if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd)))
-               return -EFAULT;
+       err = ib_copy_from_udata(&ucmd, udata, sizeof(ucmd));
+       if (err)
+               return err;
+
+       if (ucmd.reserved0 || ucmd.reserved1)
+               return -EINVAL;
 
        umem = ib_umem_get(context, ucmd.buf_addr, entries * ucmd.cqe_size,
                           IB_ACCESS_LOCAL_WRITE, 1);
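Review bot: The added reserved-field check leaves `ucmd.cqe_size` unvalidated, and on the `ib_umem_get()` context line directly below it that user-supplied value is multiplied by `entries` to size the region being pinned. The operand types are not visible in this hunk, but if the product can wrap, the umem obtained could be smaller than the buffer the rest of the resize path assumes. A bound placed next to the new `-EINVAL` check would close that, for example `if (ucmd.cqe_size && SIZE_MAX / ucmd.cqe_size <= entries - 1) return -EINVAL;`, ideally together with a check that cqe_size is a size the device actually supports. resize_user's body starts and ends outside the hunk, so a later check may exist, but it would run only after the pinning call.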