[git patch review 3/5] [IB] uverbs: Avoid NULL pointer deref on CQasync event

From: Roland Dreier
Date: Mon Oct 31 2005 - 17:36:06 EST

Next message: Roland Dreier: "[git patch review 5/5] [IPoIB] cleanups: fix comment,remove useless variables"
Previous message: Roland Dreier: "[git patch review 4/5] [IB] mthca: Avoid SRQ free WQE list corruption"
In reply to: Roland Dreier: "[git patch review 2/5] [IPoIB] use spin_trylock_irqsave()"
Next in thread: Roland Dreier: "[git patch review 4/5] [IB] mthca: Avoid SRQ free WQE list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Userspace CQs that have no completion event channel attached end up
with their cq_context set to NULL. However, asynchronous events like
"CQ overrun" can still occur on such CQs, so add a uverbs_file member
to struct ib_ucq_object that we can follow to deliver these events.

Signed-off-by: Roland Dreier <rolandd@xxxxxxxxx>

---

drivers/infiniband/core/uverbs.h | 1 +
drivers/infiniband/core/uverbs_cmd.c | 1 +
drivers/infiniband/core/uverbs_main.c | 9 +++------
3 files changed, 5 insertions(+), 6 deletions(-)

applies-to: e7fbd856e7522b65d309e9dfd425541d8f45a0bd
7162a3e0db34e914a8bc5bf74bbae0b386310cf8
diff --git a/drivers/infiniband/core/uverbs.h b/drivers/infiniband/core/uverbs.h
index 031cdf3..ecb8301 100644
--- a/drivers/infiniband/core/uverbs.h
+++ b/drivers/infiniband/core/uverbs.h
@@ -113,6 +113,7 @@ struct ib_uevent_object {

struct ib_ucq_object {
struct ib_uobject uobject;
+ struct ib_uverbs_file *uverbs_file;
struct list_head comp_list;
struct list_head async_list;
u32 comp_events_reported;
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index 8c89abc..63a7415 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -602,6 +602,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uv

uobj->uobject.user_handle = cmd.user_handle;
uobj->uobject.context = file->ucontext;
+ uobj->uverbs_file = file;
uobj->comp_events_reported = 0;
uobj->async_events_reported = 0;
INIT_LIST_HEAD(&uobj->comp_list);
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 0eb38f4..e58a7b2 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -442,13 +442,10 @@ static void ib_uverbs_async_handler(stru

void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
{
- struct ib_uverbs_event_file *ev_file = context_ptr;
- struct ib_ucq_object *uobj;
+ struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
+ struct ib_ucq_object, uobject);

- uobj = container_of(event->element.cq->uobject,
- struct ib_ucq_object, uobject);
-
- ib_uverbs_async_handler(ev_file->uverbs_file, uobj->uobject.user_handle,
+ ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
event->event, &uobj->async_list,
&uobj->async_events_reported);

---
0.99.9
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roland Dreier: "[git patch review 5/5] [IPoIB] cleanups: fix comment,remove useless variables"
Previous message: Roland Dreier: "[git patch review 4/5] [IB] mthca: Avoid SRQ free WQE list corruption"
In reply to: Roland Dreier: "[git patch review 2/5] [IPoIB] use spin_trylock_irqsave()"
Next in thread: Roland Dreier: "[git patch review 4/5] [IB] mthca: Avoid SRQ free WQE list corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]