Only the hardware drivers know what size the output data buffer must be for ndi_modify_qp. Have the drivers verify that the provided data buffer is large enough.
This fixes a crash if (say, a buggy) userspace (library under development) does not provide a response buffer.
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
git-svn-id: svn://openib.tc.cornell.edu/gen1/trunk@1858
ad392aa1-c5ef-ae45-8dd8-
e69d62a5ef86
\r
HCA_ENTER(HCA_DBG_QP);\r
\r
+ if (buf_size < sizeof(resp.qp_state)) {\r
+ status = IB_INVALID_PARAMETER;\r
+ goto out;\r
+ }\r
+\r
/* imitate umv_buf */\r
umv_buf.command = TRUE; /* special case for NDI. Usually it's TRUE */\r
umv_buf.input_size = 0;\r
*p_outbuf = resp.qp_state;\r
}\r
\r
+out:\r
HCA_EXIT(HCA_DBG_QP);\r
return status;\r
}\r
\r
HCA_ENTER(HCA_DBG_QP);\r
\r
+ if (buf_size < sizeof(resp.qp_state)) {\r
+ status = IB_INVALID_PARAMETER;\r
+ goto out;\r
+ }\r
+\r
/* imitate umv_buf */\r
umv_buf.command = TRUE; /* special case for NDI. Usually it's TRUE */\r
umv_buf.input_size = 0;\r
*p_outbuf = resp.qp_state;\r
}\r
\r
+out:\r
HCA_EXIT(HCA_DBG_QP);\r
return status;\r
}\r