[IBAL] Fix TO_LONG_PTR use in IOCTLs.
authorleonidk <leonidk@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
Sun, 13 Jul 2008 10:54:52 +0000 (10:54 +0000)
committerleonidk <leonidk@ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86>
Sun, 13 Jul 2008 10:54:52 +0000 (10:54 +0000)
Some IOCTLs transfer API structures with embedded pointers.  These embedded pointers use the TO_LONG_PTR macro to pad everything out so that __ptr64 isn't used.  The idea here is fine, but the change to eliminate the __ptr64 was riddled with problems that weren't caught by the find/replace brute force code changes.

Specifically, you had code like this:

>core\al\user\ual_mr.c, ual_reg_mem@67
>
>       /* Clear the mr_ioctl */
>       cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );

In theory, no uninitialized upper 32-bits of a TO_LONG_PTR structure would get sent to the kernel.

>       mr_ioctl.in.h_pd = h_pd->obj.hdl;
>       mr_ioctl.in.mem_create = *p_mr_create;

Oops, the mem_create in the IOCTL buffer was overwritten with the caller's structure, which may have uninitialized padding.  This isn't subsequently cleared, effectively defeating the purpose of the memclr.

>+      mr_ioctl.in.mem_create.vaddr_padding =
>+ (ULONG_PTR)p_mr_create->vaddr;

Pretty much every instance of embedded structures in IOCTLs was broken in this way.  There were cases where things were closer to being right:

>core\al\user\ual_qp.c, ual_create_qp@313
>        */
>       qp_ioctl.in.h_pd = h_pd->obj.hdl;
>       qp_ioctl.in.qp_create = *p_qp_create;

Ok, same copy issue as above...

>       qp_ioctl.in.qp_create.h_rq_cq =
>               (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);
>       qp_ioctl.in.qp_create.h_sq_cq =
>
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);

Ah, close but not quite - you have the assignment, but it only assigns the pointer part of the TO_LONG_PTR union.  The padding is still a copy of the user's structure, potentially giving an invalid handle in the kernel.  All uses of HDL_TO_PTR were eliminated as they didn't actually accomplish anything.

This patch fixes this, and always uses the 'padding' field of the TO_LONG_PTR union so that the value is always fully set.

There's also a bug fixed in UD work requests that get sent via IOCTL - the AV handle was never swizzled to its appropriate kernel handle.

Signed-off-by: Fab Tillier <ftillier@microsoft.com>
git-svn-id: svn://openib.tc.cornell.edu/gen1/trunk@1387 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86

core/al/kernel/al_ndi_cm.c
core/al/kernel/al_proxy.c
core/al/kernel/al_proxy_cep.c
core/al/kernel/al_proxy_verbs.c
core/al/user/ual_cm_cep.c
core/al/user/ual_mr.c
core/al/user/ual_mw.c
core/al/user/ual_qp.c
inc/iba/ib_types.h

index 36442b9..6f9d7a7 100644 (file)
@@ -643,7 +643,7 @@ __ndi_proc_dreq(
 static void\r
 __ndi_proc_rej(\r
        IN                              ib_qp_handle_t const            h_qp,\r
-       IN              const   mad_cm_rej_t* const             p_rej )\r
+       IN              const   mad_cm_rej_t* const                     p_rej )\r
 {\r
        KIRQL irql;\r
        IRP* p_irp;\r
@@ -1158,7 +1158,7 @@ exit:
        if( p_query_rec->p_result_mad )\r
                ib_put_mad( p_query_rec->p_result_mad );\r
 \r
-       deref_al_obj( &h_qp->obj );     /* release path query reference */\r
+       deref_al_obj( &h_qp->obj );     /* release path query reference */\r
        AL_EXIT( AL_DBG_NDI );\r
 }\r
 \r
@@ -1208,7 +1208,7 @@ __ndi_pr_query(
        {\r
                h_qp->p_irp_queue->state = NDI_CM_IDLE;\r
                AL_PRINT_EXIT( TRACE_LEVEL_ERROR, AL_DBG_ERROR, ("ib_query failed (%d)\n", status) );\r
-               deref_al_obj( &h_qp->obj );     /* release path query reference */\r
+               deref_al_obj( &h_qp->obj );     /* release path query reference */\r
                return ib_to_ntstatus( status );\r
        }\r
 \r
@@ -1437,7 +1437,7 @@ exit:
 static void\r
 __ndi_fill_cm_rep(\r
        IN              ib_qp_handle_t  const                           h_qp,\r
-       IN              ual_ndi_rep_cm_ioctl_in_t                       *p_rep,\r
+       IN              ual_ndi_rep_cm_ioctl_in_t                       *p_rep,\r
                OUT     ib_cm_rep_t                                                     *p_cm_rep)\r
 {\r
        AL_ENTER( AL_DBG_NDI );\r
@@ -1677,5 +1677,3 @@ ndi_dreq_cm(
        return status;\r
 }\r
 \r
-\r
-\r
index acff865..e8a471e 100644 (file)
@@ -776,7 +776,7 @@ __proxy_pnp_cb(
                break;\r
        }\r
 \r
-       p_evt_rec->pnp.h_pnp = (ib_pnp_handle_t)HDL_TO_PTR(p_pnp_rec->h_pnp->obj.hdl);\r
+       p_evt_rec->pnp.h_pnp_padding = p_pnp_rec->h_pnp->obj.hdl;\r
        p_pnp_rec->h_pnp->obj.hdl_valid = TRUE;\r
 \r
        hdl =\r
index 29ff546..2ff44f0 100644 (file)
@@ -206,7 +206,7 @@ proxy_cep_pre_req(
 \r
        /* Get the kernel QP handle. */\r
        h_qp = (ib_qp_handle_t)al_hdl_ref(\r
-               p_context->h_al, (uint64_t)p_ioctl->in.cm_req.h_qp, AL_OBJ_TYPE_H_QP );\r
+               p_context->h_al, p_ioctl->in.cm_req.h_qp_padding, AL_OBJ_TYPE_H_QP );\r
        if( !h_qp )\r
        {\r
                p_ioctl->out.status = IB_INVALID_QP_HANDLE;\r
@@ -292,7 +292,7 @@ proxy_cep_pre_rep(
 \r
        /* Get the kernel QP handle. */\r
        h_qp = (ib_qp_handle_t)al_hdl_ref(\r
-               p_context->h_al, (uint64_t)p_ioctl->in.cm_rep.h_qp, AL_OBJ_TYPE_H_QP );\r
+               p_context->h_al, p_ioctl->in.cm_rep.h_qp_padding, AL_OBJ_TYPE_H_QP );\r
        if( !h_qp )\r
        {\r
                p_ioctl->out.status = IB_INVALID_QP_HANDLE;\r
@@ -553,7 +553,7 @@ proxy_cep_lap(
 \r
        /* Get the kernel QP handle. */\r
        h_qp = (ib_qp_handle_t)al_hdl_ref(\r
-               p_context->h_al, (uint64_t)p_ioctl->cm_lap.h_qp, AL_OBJ_TYPE_H_QP );\r
+               p_context->h_al, p_ioctl->cm_lap.h_qp_padding, AL_OBJ_TYPE_H_QP );\r
        if( !h_qp )\r
        {\r
                status = IB_INVALID_QP_HANDLE;\r
@@ -606,7 +606,7 @@ proxy_cep_pre_apr(
 \r
        /* Get the kernel QP handle. */\r
        h_qp = (ib_qp_handle_t)al_hdl_ref(\r
-               p_context->h_al, (uint64_t)p_ioctl->in.cm_apr.h_qp, AL_OBJ_TYPE_H_QP );\r
+               p_context->h_al, p_ioctl->in.cm_apr.h_qp_padding, AL_OBJ_TYPE_H_QP );\r
        if( !h_qp )\r
        {\r
                p_ioctl->out.status = IB_INVALID_QP_HANDLE;\r
index 38a9b7f..5b052e0 100644 (file)
@@ -350,7 +350,7 @@ proxy_ca_err_cb(
        cb_info.rec_type = CA_ERROR_REC;\r
        /* Return the Proxy's open_ca handle and the user's context */\r
        cb_info.ioctl_rec.event_rec = *p_err_rec;\r
-       cb_info.ioctl_rec.event_rec.handle.h_ca = (ib_ca_handle_t)HDL_TO_PTR(h_ca->obj.hdl);\r
+       cb_info.ioctl_rec.event_rec.handle.h_ca_padding = h_ca->obj.hdl;\r
 \r
        /* The proxy handle must be valid now. */\r
        if( !h_ca->obj.hdl_valid )\r
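Review bot: `cb_info.ioctl_rec.event_rec = *p_err_rec;` copies the whole kernel event record into a structure that appears to be handed back to user mode, and only the handle union is rewritten in this hunk. Any other pointer-sized field in the record therefore has to be replaced before the callback info is queued. The existing comment mentions the user's context, but that assignment lies outside the hunk. I would extend the comment to `/* Copy the record, then overwrite every kernel pointer (handle, context) with its user-mode value before queuing. */` so the ordering requirement is explicit. The same copy-then-patch sequence appears in proxy_srq_err_cb, proxy_qp_err_cb and proxy_cq_err_cb.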
@@ -987,7 +987,7 @@ proxy_srq_err_cb(
        cb_info.rec_type = SRQ_ERROR_REC;\r
        /* Return the Proxy's SRQ handle and the user's context */\r
        cb_info.ioctl_rec.event_rec = *p_err_rec;\r
-       cb_info.ioctl_rec.event_rec.handle.h_srq = (ib_srq_handle_t) HDL_TO_PTR(h_srq->obj.hdl);\r
+       cb_info.ioctl_rec.event_rec.handle.h_srq_padding = h_srq->obj.hdl;\r
 \r
        /* The proxy handle must be valid now. */\r
        if( !h_srq->obj.hdl_valid )\r
@@ -1291,7 +1291,7 @@ proxy_qp_err_cb(
        cb_info.rec_type = QP_ERROR_REC;\r
        /* Return the Proxy's QP handle and the user's context */\r
        cb_info.ioctl_rec.event_rec = *p_err_rec;\r
-       cb_info.ioctl_rec.event_rec.handle.h_qp = (ib_qp_handle_t)HDL_TO_PTR(h_qp->obj.hdl);\r
+       cb_info.ioctl_rec.event_rec.handle.h_qp_padding = h_qp->obj.hdl;\r
 \r
        /* The proxy handle must be valid now. */\r
        if( !h_qp->obj.hdl_valid )\r
@@ -1345,12 +1345,12 @@ proxy_create_qp(
        h_pd = (ib_pd_handle_t)\r
                al_hdl_ref( p_context->h_al, p_ioctl->in.h_pd, AL_OBJ_TYPE_H_PD );\r
        h_sq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,\r
-               (uint64_t)p_ioctl->in.qp_create.h_sq_cq, AL_OBJ_TYPE_H_CQ );\r
+               p_ioctl->in.qp_create.h_sq_cq_padding, AL_OBJ_TYPE_H_CQ );\r
        h_rq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,\r
-               (uint64_t)p_ioctl->in.qp_create.h_rq_cq, AL_OBJ_TYPE_H_CQ );\r
+               p_ioctl->in.qp_create.h_rq_cq_padding, AL_OBJ_TYPE_H_CQ );\r
        if (p_ioctl->in.qp_create.h_srq) {\r
                h_srq = (ib_srq_handle_t)al_hdl_ref( p_context->h_al,\r
-                       (uint64_t)p_ioctl->in.qp_create.h_srq, AL_OBJ_TYPE_H_SRQ );\r
+                       p_ioctl->in.qp_create.h_srq_padding, AL_OBJ_TYPE_H_SRQ );\r
                if( !h_srq)\r
                {\r
                        status = IB_INVALID_SRQ_HANDLE;\r
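Review bot: The SRQ branch still tests the pointer member, `if (p_ioctl->in.qp_create.h_srq)`, but the lookup now reads `h_srq_padding`, so the presence check and the handle lookup use two different views of the same union. Wherever the kernel pointer is narrower than the 64-bit padding the two can disagree, so the test should read the member the patch treats as authoritative: `if (p_ioctl->in.qp_create.h_srq_padding) {`. The function continues outside this hunk, which ends inside the SRQ error branch.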
@@ -1490,26 +1490,24 @@ proxy_query_qp(
        {\r
                if( p_ioctl->out.attr.h_pd )\r
                {\r
-                       p_ioctl->out.attr.h_pd =\r
-                               (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);\r
+                       p_ioctl->out.attr.h_pd_padding = p_ioctl->out.attr.h_pd->obj.hdl;\r
                }\r
 \r
                if( p_ioctl->out.attr.h_sq_cq )\r
                {\r
-                       p_ioctl->out.attr.h_sq_cq =\r
-                               (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_sq_cq->obj.hdl);\r
+                       p_ioctl->out.attr.h_sq_cq_padding =\r
+                               p_ioctl->out.attr.h_sq_cq->obj.hdl;\r
                }\r
 \r
                if( p_ioctl->out.attr.h_rq_cq )\r
                {\r
-                       p_ioctl->out.attr.h_rq_cq =\r
-                               (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_rq_cq->obj.hdl);\r
+                       p_ioctl->out.attr.h_rq_cq_padding =\r
+                               p_ioctl->out.attr.h_rq_cq->obj.hdl;\r
                }\r
 \r
                if( p_ioctl->out.attr.h_srq )\r
                {\r
-                       p_ioctl->out.attr.h_srq =\r
-                               (ib_srq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_srq->obj.hdl);\r
+                       p_ioctl->out.attr.h_srq_padding = p_ioctl->out.attr.h_srq->obj.hdl;\r
                }\r
        }\r
        else\r
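Review bot: Each of the four handle swaps runs only when the pointer member is non-NULL, so on the NULL path the `_padding` member is never written. On a build where pointers are narrower than 64 bits, its upper half keeps whatever the output buffer already held. Because `p_ioctl->out` goes back to the caller, I would define the field in both cases, e.g. `p_ioctl->out.attr.h_srq_padding = p_ioctl->out.attr.h_srq ? p_ioctl->out.attr.h_srq->obj.hdl : 0;`, and likewise for h_pd, h_sq_cq and h_rq_cq. The proxy_query_mr hunk further down dereferences `out.attr.h_pd` with no NULL test at all; whether it can be NULL on success is not visible here. The enclosing if/else continues outside this hunk.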
@@ -2044,7 +2042,7 @@ proxy_cq_err_cb(
        cb_info.rec_type = CQ_ERROR_REC;\r
        /* Return the Proxy's cq handle and the user's context */\r
        cb_info.ioctl_rec.event_rec = *p_err_rec;\r
-       cb_info.ioctl_rec.event_rec.handle.h_cq = (ib_cq_handle_t)HDL_TO_PTR(h_cq->obj.hdl);\r
+       cb_info.ioctl_rec.event_rec.handle.h_cq_padding = h_cq->obj.hdl;\r
 \r
        /* The proxy handle must be valid now. */\r
        if( !h_cq->obj.hdl_valid )\r
@@ -2358,7 +2356,7 @@ proxy_post_send(
                {\r
                        /* Validate the AV handle for UD */\r
                        h_av = (ib_av_handle_t)al_hdl_ref( p_context->h_al,\r
-                               (uint64_t)p_wr[i].dgrm.ud.h_av, AL_OBJ_TYPE_H_AV );\r
+                               p_wr[i].dgrm.ud.h_av_padding, AL_OBJ_TYPE_H_AV );\r
                        if( !h_av )\r
                        {\r
                                status = IB_INVALID_AV_HANDLE;\r
@@ -3039,8 +3037,7 @@ proxy_query_mr(
        if( status == IB_SUCCESS )\r
        {\r
                /* Replace the pd handle with proxy's handle */\r
-               p_ioctl->out.attr.h_pd =\r
-                       (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);\r
+               p_ioctl->out.attr.h_pd_padding = p_ioctl->out.attr.h_pd->obj.hdl;\r
        }\r
        else\r
        {\r
@@ -3484,7 +3481,7 @@ proxy_bind_mw(
 \r
        /* Validate MR handle */\r
        h_mr = (ib_mr_handle_t)al_hdl_ref( p_context->h_al,\r
-               (uint64_t)p_ioctl->in.mw_bind.h_mr, AL_OBJ_TYPE_H_MR );\r
+               p_ioctl->in.mw_bind.h_mr_padding, AL_OBJ_TYPE_H_MR );\r
        if( !h_mr )\r
        {\r
                status = IB_INVALID_MR_HANDLE;\r
index 6b9003d..280c2b2 100644 (file)
@@ -449,7 +449,7 @@ al_cep_listen(
        DWORD                                   bytes_ret;\r
 \r
        AL_ENTER( AL_DBG_CM );\r
-    cl_memclr(&ioctl, sizeof(ioctl));\r
+\r
        if( !h_al )\r
        {\r
                AL_EXIT( AL_DBG_CM );\r
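Review bot: Dropping `cl_memclr(&ioctl, sizeof(ioctl));` at the top of al_cep_listen leaves every byte of the stack `ioctl` that is not explicitly assigned later undefined when it is passed to the kernel. That covers compiler padding and the tail of fixed-size buffers such as `ioctl.compare` beyond `cmp_len`. The later hunks define only the pointer unions, so I would keep the clear and add the `_padding` assignments on top of it. The same removal recurs in al_cep_pre_req, al_cep_pre_rep, al_cep_rtu, al_cep_rej, al_cep_mra, al_cep_lap, al_cep_pre_apr, al_cep_dreq and ual_reg_mem. If the kernel side forwards the private-data buffers by their full size rather than the stated length (not visible in this diff), stale stack bytes could travel beyond the local driver.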
@@ -464,6 +464,7 @@ al_cep_listen(
 \r
        ioctl.cid = cid;\r
        ioctl.cep_listen = *p_listen_info;\r
+       ioctl.cep_listen.p_cmp_buf_padding = 0;\r
        if( p_listen_info->p_cmp_buf )\r
        {\r
                if( p_listen_info->cmp_len > IB_REQ_PDATA_SIZE )\r
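Review bot: The `p_cmp_buf_padding = 0` / `= 1` pair turns the pointer union into a present/absent flag, and nothing in the code says so. A later reader is likely to take the literal 1 for a bug. I would add `/* The data is copied inline; send 0/1 through the 64-bit padding as a 'buffer present' flag so all 64 bits are defined. */` above the first assignment. The same convention is used for p_alt_path, p_req_pdata, p_compare_buffer, p_rep_pdata, p_mra_pdata, p_lap_pdata, p_info and p_apr_pdata in the later hunks of this file. The kernel code that consumes the flag is not part of this diff, so it is worth confirming that it only tests for non-zero and never dereferences the value.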
@@ -473,6 +474,7 @@ al_cep_listen(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.cep_listen.p_cmp_buf_padding = 1;\r
                cl_memcpy( ioctl.compare, p_listen_info->p_cmp_buf,\r
                        p_listen_info->cmp_len );\r
        }\r
@@ -520,14 +522,19 @@ al_cep_pre_req(
                AL_EXIT( AL_DBG_ERROR );\r
                return IB_INVALID_PARAMETER;\r
        }\r
-    cl_memclr(&ioctl, sizeof(ioctl));\r
+\r
        ioctl.in.cid = cid;\r
        ioctl.in.cm_req = *p_cm_req;\r
-       ioctl.in.cm_req.h_qp = (ib_qp_handle_t) HDL_TO_PTR(p_cm_req->h_qp->obj.hdl);\r
+       ioctl.in.cm_req.h_qp_padding = p_cm_req->h_qp->obj.hdl;\r
        ioctl.in.paths[0] = *(p_cm_req->p_primary_path);\r
+       ioctl.in.cm_req.p_alt_path_padding = 0;\r
        if( p_cm_req->p_alt_path )\r
+       {\r
+               ioctl.in.cm_req.p_alt_path_padding = 1;\r
                ioctl.in.paths[1] = *(p_cm_req->p_alt_path);\r
+       }\r
        /* Copy private data, if any. */\r
+       ioctl.in.cm_req.p_req_pdata_padding = 0;\r
        if( p_cm_req->p_req_pdata )\r
        {\r
                if( p_cm_req->req_length > IB_REQ_PDATA_SIZE )\r
@@ -537,11 +544,13 @@ al_cep_pre_req(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.in.cm_req.p_req_pdata_padding = 1;\r
                cl_memcpy( ioctl.in.pdata, p_cm_req->p_req_pdata,\r
                        p_cm_req->req_length );\r
        }\r
 \r
        /* Copy compare data, if any. */\r
+       ioctl.in.cm_req.p_compare_buffer_padding = 0;\r
        if( p_cm_req->p_compare_buffer )\r
        {\r
                if( p_cm_req->compare_length > IB_REQ_PDATA_SIZE )\r
@@ -551,6 +560,7 @@ al_cep_pre_req(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.in.cm_req.p_compare_buffer_padding = 1;\r
                cl_memcpy( ioctl.in.compare, p_cm_req->p_compare_buffer,\r
                        p_cm_req->compare_length );\r
        }\r
@@ -635,7 +645,6 @@ al_cep_pre_rep(
                AL_EXIT( AL_DBG_ERROR );\r
                return IB_INVALID_PARAMETER;\r
        }\r
-    cl_memclr(&ioctl, sizeof (ioctl));\r
 \r
        /* Store the context for the CEP. */\r
        cl_spinlock_acquire( &gp_cep_mgr->obj.lock );\r
@@ -652,8 +661,9 @@ al_cep_pre_rep(
        ioctl.in.context = (ULONG_PTR)context;\r
        ioctl.in.cid = cid;\r
        ioctl.in.cm_rep = *p_cm_rep;\r
-       ioctl.in.cm_rep.h_qp = (ib_qp_handle_t)HDL_TO_PTR(p_cm_rep->h_qp->obj.hdl);\r
+       ioctl.in.cm_rep.h_qp_padding = p_cm_rep->h_qp->obj.hdl;\r
        /* Copy private data, if any. */\r
+       ioctl.in.cm_rep.p_rep_pdata_padding = 0;\r
        if( p_cm_rep->p_rep_pdata )\r
        {\r
                if( p_cm_rep->rep_length > IB_REP_PDATA_SIZE )\r
@@ -663,6 +673,7 @@ al_cep_pre_rep(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.in.cm_rep.p_rep_pdata_padding = 1;\r
                cl_memcpy( ioctl.in.pdata, p_cm_rep->p_rep_pdata,\r
                        p_cm_rep->rep_length );\r
        }\r
@@ -823,7 +834,7 @@ al_cep_rtu(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_HANDLE;\r
        }\r
-    cl_memclr(&ioctl, sizeof(ioctl));\r
+\r
        ioctl.cid = cid;\r
        /* Copy private data, if any. */\r
        if( p_pdata )\r
@@ -874,7 +885,7 @@ al_cep_rej(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_HANDLE;\r
        }\r
-    cl_memclr(&ioctl, sizeof(ioctl));\r
+\r
        ioctl.cid = cid;\r
        ioctl.rej_status = rej_status;\r
        if( p_ari )\r
@@ -948,9 +959,10 @@ al_cep_mra(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_HANDLE;\r
        }\r
-    cl_memclr(&ioctl, sizeof (ioctl));\r
+\r
        ioctl.cid = cid;\r
        ioctl.cm_mra = *p_cm_mra;\r
+       ioctl.cm_mra.p_mra_pdata_padding = 0;\r
        /* Copy private data, if any. */\r
        if( p_cm_mra->p_mra_pdata )\r
        {\r
@@ -961,6 +973,7 @@ al_cep_mra(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.cm_mra.p_mra_pdata_padding = 1;\r
                cl_memcpy(\r
                        ioctl.pdata, p_cm_mra->p_mra_pdata, p_cm_mra->mra_length );\r
        }\r
@@ -1008,12 +1021,13 @@ al_cep_lap(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_HANDLE;\r
        }\r
-    cl_memclr(&ioctl,sizeof (ioctl));\r
+\r
        ioctl.cid = cid;\r
        ioctl.cm_lap = *p_cm_lap;\r
-       ioctl.cm_lap.h_qp = (ib_qp_handle_t) HDL_TO_PTR(p_cm_lap->h_qp->obj.hdl);\r
+       ioctl.cm_lap.h_qp_padding = p_cm_lap->h_qp->obj.hdl;\r
        ioctl.alt_path = *(p_cm_lap->p_alt_path);\r
        /* Copy private data, if any. */\r
+       ioctl.cm_lap.p_lap_pdata_padding = 0;\r
        if( p_cm_lap->p_lap_pdata )\r
        {\r
                if( p_cm_lap->lap_length > IB_LAP_PDATA_SIZE )\r
@@ -1023,6 +1037,7 @@ al_cep_lap(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.cm_lap.p_lap_pdata_padding = 1;\r
                cl_memcpy(\r
                        ioctl.pdata, p_cm_lap->p_lap_pdata, p_cm_lap->lap_length );\r
        }\r
@@ -1064,10 +1079,11 @@ al_cep_pre_apr(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_PARAMETER;\r
        }\r
-    cl_memclr(&ioctl, sizeof (ioctl));\r
+\r
        ioctl.in.cid = cid;\r
        ioctl.in.cm_apr = *p_cm_apr;\r
-       ioctl.in.cm_apr.h_qp = (ib_qp_handle_t)HDL_TO_PTR(p_cm_apr->h_qp->obj.hdl);\r
+       ioctl.in.cm_apr.h_qp_padding = p_cm_apr->h_qp->obj.hdl;\r
+       ioctl.in.cm_apr.p_info_padding = 0;\r
        if( p_cm_apr->p_info )\r
        {\r
                if( p_cm_apr->info_length > IB_APR_INFO_SIZE )\r
@@ -1077,19 +1093,22 @@ al_cep_pre_apr(
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.in.cm_apr.p_info_padding = 1;\r
                cl_memcpy(\r
                        ioctl.in.apr_info, p_cm_apr->p_info, p_cm_apr->info_length );\r
        }\r
        /* Copy private data, if any. */\r
+       ioctl.in.cm_apr.p_apr_pdata_padding = 0;\r
        if( p_cm_apr->p_apr_pdata )\r
        {\r
-               if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE) //TODO ??????\r
+               if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE )\r
                {\r
                        AL_PRINT_EXIT(TRACE_LEVEL_ERROR ,AL_DBG_ERROR,\r
                                ("private data larger than APR private data.\n") );\r
                        return IB_INVALID_SETTING;\r
                }\r
 \r
+               ioctl.in.cm_apr.p_apr_pdata_padding = 1;\r
                cl_memcpy(\r
                        ioctl.in.pdata, p_cm_apr->p_apr_pdata, p_cm_apr->apr_length );\r
        }\r
@@ -1159,7 +1178,7 @@ al_cep_dreq(
                AL_EXIT( AL_DBG_CM );\r
                return IB_INVALID_HANDLE;\r
        }\r
-    cl_memclr(&ioctl, sizeof(ioctl));\r
+\r
        ioctl.cid = cid;\r
        /* Copy private data, if any. */\r
        if( p_pdata )\r
index 42f86a6..6ed3216 100644 (file)
@@ -65,11 +65,9 @@ ual_reg_mem(
 \r
        AL_ENTER( AL_DBG_MR );\r
 \r
-       /* Clear the mr_ioctl */\r
-       cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );\r
-\r
        mr_ioctl.in.h_pd = h_pd->obj.hdl;\r
        mr_ioctl.in.mem_create = *p_mr_create;\r
+       mr_ioctl.in.mem_create.vaddr_padding = (ULONG_PTR)p_mr_create->vaddr;\r
 \r
        cl_status = do_al_dev_ioctl( UAL_REG_MR,\r
                &mr_ioctl.in, sizeof(mr_ioctl.in), &mr_ioctl.out, sizeof(mr_ioctl.out),\r
index 0d5dc23..8e969d9 100644 (file)
@@ -280,7 +280,7 @@ ual_bind_mw(
        mw_ioctl.in.h_mw = h_mw->obj.hdl;\r
        mw_ioctl.in.h_qp = h_qp->obj.hdl;\r
        mw_ioctl.in.mw_bind = *p_mw_bind;\r
-       mw_ioctl.in.mw_bind.h_mr = (ib_mr_handle_t) HDL_TO_PTR(p_mw_bind->h_mr->obj.hdl);\r
+       mw_ioctl.in.mw_bind.h_mr_padding = p_mw_bind->h_mr->obj.hdl;\r
 \r
        cl_status = do_al_dev_ioctl( UAL_BIND_MW,\r
                &mw_ioctl.in, sizeof(mw_ioctl.in), &mw_ioctl.out, sizeof(mw_ioctl.out),\r
index f7eb650..0fc84ec 100644 (file)
@@ -115,7 +115,14 @@ ual_post_send(
        num_wr = 0;\r
        for( p_wr = p_send_wr; p_wr; p_wr = p_wr->p_next )\r
        {\r
-               p_qp_ioctl->in.send_wr[num_wr++] = *p_wr;\r
+               /* pNext and pDs pointer is set by the kernel proxy. */\r
+               p_qp_ioctl->in.send_wr[num_wr] = *p_wr;\r
+               if( h_qp->type == IB_QPT_UNRELIABLE_DGRM )\r
+               {\r
+                       p_qp_ioctl->in.send_wr[num_wr].dgrm.ud.h_av_padding =\r
+                               p_wr->dgrm.ud.h_av->obj.hdl;\r
+               }\r
+               num_wr++;\r
                cl_memcpy(\r
                        p_ds, p_wr->ds_array, sizeof(ib_local_ds_t) * p_wr->num_ds );\r
                p_ds += p_wr->num_ds;\r
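Review bot: The new UD branch dereferences `p_wr->dgrm.ud.h_av->obj.hdl` with no NULL check, so a datagram work request with an unset AV faults in the caller's process instead of returning an error. I would add a `if( !p_wr->dgrm.ud.h_av )` test that fails the call with IB_INVALID_AV_HANDLE through the function's existing cleanup path, which lies outside this hunk. The swizzle is keyed on `h_qp->type == IB_QPT_UNRELIABLE_DGRM`, while the condition guarding the matching `h_av_padding` lookup in proxy_post_send is not visible. The two must cover the same QP types, otherwise the kernel validates a value that was never converted to a handle. The added comment says "pNext and pDs" but the fields in this loop are `p_next` and `ds_array`; using the real names would make it searchable.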
@@ -222,6 +229,7 @@ ual_post_recv(
        num_wr = 0;\r
        for( p_wr = p_recv_wr; p_wr; p_wr = p_wr->p_next )\r
        {\r
+               /* pNext and pDs pointer is set by the kernel proxy. */\r
                p_qp_ioctl->in.recv_wr[num_wr++] = *p_wr;\r
                cl_memcpy(\r
                        p_ds, p_wr->ds_array, sizeof(ib_local_ds_t) * p_wr->num_ds );\r
@@ -313,13 +321,12 @@ ual_create_qp(
         */\r
        qp_ioctl.in.h_pd = h_pd->obj.hdl;\r
        qp_ioctl.in.qp_create = *p_qp_create;\r
-       qp_ioctl.in.qp_create.h_rq_cq =\r
-               (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);\r
-       qp_ioctl.in.qp_create.h_sq_cq =\r
-               (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);\r
+       qp_ioctl.in.qp_create.h_rq_cq_padding = p_qp_create->h_rq_cq->obj.hdl;\r
+       qp_ioctl.in.qp_create.h_sq_cq_padding = p_qp_create->h_sq_cq->obj.hdl;\r
        if (p_qp_create->h_srq)\r
-               qp_ioctl.in.qp_create.h_srq =\r
-                       (ib_srq_handle_t)HDL_TO_PTR(p_qp_create->h_srq->obj.hdl);\r
+       {\r
+               qp_ioctl.in.qp_create.h_srq_padding = p_qp_create->h_srq->obj.hdl;\r
+       }\r
        qp_ioctl.in.context = (ULONG_PTR)h_qp;\r
        qp_ioctl.in.ev_notify = (h_qp->pfn_event_cb != NULL) ? TRUE : FALSE;\r
 \r
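Review bot: When `p_qp_create->h_srq` is NULL nothing writes `h_srq_padding`, so the union keeps whatever the struct copy from `*p_qp_create` brought in. That is the case the commit message describes, where a 32-bit caller leaves the upper bytes undefined. A kernel with 64-bit pointers could then see a non-zero SRQ value in proxy_create_qp and reject the request with IB_INVALID_SRQ_HANDLE. Following the pattern this commit uses in ual_cm_cep.c, set the field unconditionally first: `qp_ioctl.in.qp_create.h_srq_padding = 0;` before the `if (p_qp_create->h_srq)`. The dereferences of `h_rq_cq` and `h_sq_cq` above are likewise unguarded; whether they are validated earlier in ual_create_qp is outside this hunk.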
index fb42388..72ea850 100644 (file)
@@ -40,7 +40,6 @@
 #include <complib/cl_types.h>\r
 #include <complib/cl_byteswap.h>\r
 \r
-#define HDL_TO_PTR(hdl) Handle64ToHandle( (void * __ptr64) (hdl))\r
 \r
 #pragma warning( disable : 4201) //nameless union/structure\r
 \r