From patchwork Thu May 24 14:56:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Wise X-Patchwork-Id: 10425007 X-Patchwork-Delegate: jgg@ziepe.ca Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3457E6032A for ; Thu, 24 May 2018 15:15:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 168602967F for ; Thu, 24 May 2018 15:15:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0B0D7296DF; Thu, 24 May 2018 15:15:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 69C502967F for ; Thu, 24 May 2018 15:15:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966213AbeEXPPc (ORCPT ); Thu, 24 May 2018 11:15:32 -0400 Received: from 72-48-214-68.dyn.grandenetworks.net ([72.48.214.68]:33426 "EHLO smtp.opengridcomputing.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966174AbeEXPPb (ORCPT ); Thu, 24 May 2018 11:15:31 -0400 Received: by smtp.opengridcomputing.com (Postfix, from userid 503) id 7FA662BBAE; Thu, 24 May 2018 10:15:31 -0500 (CDT) Message-Id: <90105b019b3144f26dc0f2282ac30ccacdf1247e.1527174890.git.swise@opengridcomputing.com> From: Steve Wise Date: Thu, 24 May 2018 07:56:06 -0700 Subject: [PATCH for-next] iw_cxgb4: fix fill_res_ep_entry() stack abuse To: jgg@mellanox.com Cc: linux-rdma@vger.kernel.org Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Too many unnecessary structs on the stack. Just allocate one. Fixes: 13b35021c7d6 ("iw_cxgb4: provide detailed provider-specific CM_ID information") Signed-off-by: Steve Wise --- drivers/infiniband/hw/cxgb4/restrack.c | 56 +++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/restrack.c b/drivers/infiniband/hw/cxgb4/restrack.c index 694ea65..9a7520e 100644 --- a/drivers/infiniband/hw/cxgb4/restrack.c +++ b/drivers/infiniband/hw/cxgb4/restrack.c @@ -190,15 +190,21 @@ static int fill_res_qp_entry(struct sk_buff *msg, return -EMSGSIZE; } +union union_ep { + struct c4iw_listen_ep lep; + struct c4iw_ep ep; +}; + static int fill_res_ep_entry(struct sk_buff *msg, struct rdma_restrack_entry *res) { struct rdma_cm_id *cm_id = rdma_res_to_id(res); struct nlattr *table_attr; - struct c4iw_ep_common epc, *epcp; - struct c4iw_listen_ep listen_ep; + struct c4iw_ep_common *epcp; + struct c4iw_listen_ep *listen_ep = NULL; + struct c4iw_ep *ep = NULL; struct iw_cm_id *iw_cm_id; - struct c4iw_ep ep; + union union_ep *uep; iw_cm_id = rdma_iw_cm_id(cm_id); if (!iw_cm_id) @@ -206,56 +212,62 @@ static int fill_res_ep_entry(struct sk_buff *msg, epcp = (struct c4iw_ep_common *)iw_cm_id->provider_data; if (!epcp) return 0; + uep = kcalloc(1, sizeof(*uep), GFP_KERNEL); + if (!uep) + return 0; table_attr = nla_nest_start(msg, RDMA_NLDEV_ATTR_DRIVER); if (!table_attr) - goto err; + goto err_free_uep; /* Get a consistent snapshot */ mutex_lock(&epcp->mutex); if (epcp->state == LISTEN) { - listen_ep = *(struct c4iw_listen_ep *)epcp; + uep->lep = *(struct c4iw_listen_ep *)epcp; mutex_unlock(&epcp->mutex); - epcp = &listen_ep.com; + listen_ep = &uep->lep; + epcp = &listen_ep->com; } else { - ep = *(struct c4iw_ep *)epcp; + uep->ep = *(struct c4iw_ep *)epcp; mutex_unlock(&epcp->mutex); - epcp = &ep.com; + ep = &uep->ep; + epcp = &ep->com; } - epc = *epcp; - if (rdma_nl_put_driver_u32(msg, "state", epc.state)) + if (rdma_nl_put_driver_u32(msg, "state", epcp->state)) goto err_cancel_table; - if (rdma_nl_put_driver_u64_hex(msg, "flags", epc.flags)) + if (rdma_nl_put_driver_u64_hex(msg, "flags", epcp->flags)) goto err_cancel_table; - if (rdma_nl_put_driver_u64_hex(msg, "history", epc.history)) + if (rdma_nl_put_driver_u64_hex(msg, "history", epcp->history)) goto err_cancel_table; - if (epc.state == LISTEN) { - if (rdma_nl_put_driver_u32(msg, "stid", listen_ep.stid)) + if (epcp->state == LISTEN) { + if (rdma_nl_put_driver_u32(msg, "stid", listen_ep->stid)) goto err_cancel_table; - if (rdma_nl_put_driver_u32(msg, "backlog", listen_ep.backlog)) + if (rdma_nl_put_driver_u32(msg, "backlog", listen_ep->backlog)) goto err_cancel_table; } else { - if (rdma_nl_put_driver_u32(msg, "hwtid", ep.hwtid)) + if (rdma_nl_put_driver_u32(msg, "hwtid", ep->hwtid)) goto err_cancel_table; - if (rdma_nl_put_driver_u32(msg, "ord", ep.ord)) + if (rdma_nl_put_driver_u32(msg, "ord", ep->ord)) goto err_cancel_table; - if (rdma_nl_put_driver_u32(msg, "ird", ep.ird)) + if (rdma_nl_put_driver_u32(msg, "ird", ep->ird)) goto err_cancel_table; - if (rdma_nl_put_driver_u32(msg, "emss", ep.emss)) + if (rdma_nl_put_driver_u32(msg, "emss", ep->emss)) goto err_cancel_table; - if (!ep.parent_ep && rdma_nl_put_driver_u32(msg, "atid", - ep.atid)) + if (!ep->parent_ep && rdma_nl_put_driver_u32(msg, "atid", + ep->atid)) goto err_cancel_table; } nla_nest_end(msg, table_attr); + kfree(uep); return 0; err_cancel_table: nla_nest_cancel(msg, table_attr); -err: +err_free_uep: + kfree(uep); return -EMSGSIZE; }