RDMa/uverbs: Copy ex_hdr outside of SRCU read lock

The SRCU read lock protects the IB device pointer and doesn't need to be called before copying user provided header. Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com>

RDMa/uverbs: Copy ex_hdr outside of SRCU read lock
The SRCU read lock protects the IB device pointer and doesn't need to be called before copying user provided header. Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
e21719fb · Leon Romanovsky · Doug Ledford · 491d5c6a · e21719fb
Commit e21719fb authored Feb 21, 2018 by Leon Romanovsky Committed by Doug Ledford Feb 22, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 7 deletions

drivers/infiniband/core/uverbs_main.c drivers/infiniband/core/uverbs_main.c +6 -7

No files found.
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -709,8 +709,12 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
 	    (command != IB_USER_VERBS_CMD_GET_CONTEXT || extended))
 		return -EINVAL;

-	if (extended && count < (sizeof(hdr) + sizeof(ex_hdr)))
-		return -EINVAL;
+	if (extended) {
+		if (count < (sizeof(hdr) + sizeof(ex_hdr)))
+			return -EINVAL;
+		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr)))
+			return -EFAULT;
+	}

 	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
 	ib_dev = srcu_dereference(file->device->ib_dev,
@@ -740,11 +744,6 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
 		struct ib_udata uhw;
 		size_t written_count = count;

-		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) {
-			ret = -EFAULT;
-			goto out;
-		}
-
 		count -= sizeof(hdr) + sizeof(ex_hdr);
 		buf += sizeof(hdr) + sizeof(ex_hdr);