[openib-general] [PATCH] Nasty bug in ipoib

John Polstra openib-in at polstra.com
Thu Jul 29 18:37:48 PDT 2004


I stumbled onto a nasty bug in the ipoib code.  The call to
kmem_cache_create() for the _tsIp2prLinkRoot.user_req cache specifies
the element size as the size of the pointer rather than the size of
the structures that are stored in the cache.  The attached patch
(relative to the gen2 branch) fixes it.  I think this should be fixed
in the gen1 branch as well, since it can scribble on kernel memory
that doesn't belong to it.

John
Index: ip2pr_link.c
===================================================================
--- ip2pr_link.c	(revision 544)
+++ ip2pr_link.c	(working copy)
@@ -2188,7 +2188,7 @@
 	}
 	/* if */
 	_tsIp2prLinkRoot.user_req = kmem_cache_create("Ip2prUserReq",
-						      sizeof(tIP2PR_USER_REQ),
+						      sizeof(tIP2PR_USER_REQ_STRUCT),
 						      0, SLAB_HWCACHE_ALIGN,
 						      NULL, NULL);
 	if (NULL == _tsIp2prLinkRoot.user_req) {
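Review bot: `sizeof(tIP2PR_USER_REQ_STRUCT)` is the correct object size only if tIP2PR_USER_REQ is the pointer typedef and tIP2PR_USER_REQ_STRUCT the pointed-to struct, as the cover note states; the hunk cannot show those typedefs, so the header should be checked before merging. Because a pointer typedef and a struct typedef are so easily confused in a `sizeof`, any other kmem_cache_create() calls in ip2pr_link.c deserve the same one-line inspection, and the identical change should go into the gen1 branch as the cover note requests, since an undersized slab object lets every full-struct write run into the neighbouring object.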


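The effect John describes, as an added C example that is not part of the patch or of the ipoib code: a user-space stand-in for a slab cache places a canary after each slot, and creating the cache with the size of the pointer typedef lets one full-struct write spill over that canary, while the struct size does not. The typedef names, the struct layout and the toy cache are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the ipoib typedefs: the request struct and the
 * pointer typedef that the buggy sizeof() was applied to. */
typedef struct user_req_struct {
    uint32_t src_addr, dst_addr;
    uint8_t  path_rec[56];
} USER_REQ_STRUCT;
typedef USER_REQ_STRUCT *USER_REQ;

/* Toy slab: fixed-size slots carved from one arena, each followed by a canary
 * word so that a write past the slot's objsize is observable. */
#define CANARY 0xDEADBEEFu
#define ARENA  4096            /* larger than any overrun in this demo */
struct toy_cache { size_t objsize; unsigned char arena[ARENA]; };

static struct toy_cache *toy_cache_create(size_t objsize) {
    struct toy_cache *c = calloc(1, sizeof *c);
    uint32_t canary = CANARY;
    c->objsize = objsize;
    for (int i = 0; i < 2; i++)  /* two slots suffice to show the spill */
        memcpy(c->arena + i * (objsize + sizeof canary) + objsize,
               &canary, sizeof canary);
    return c;
}

static void *toy_cache_alloc(struct toy_cache *c, int slot) {
    return c->arena + slot * (c->objsize + sizeof(uint32_t));
}

/* 1 if the canary guarding slot 0 is intact, 0 if it was scribbled on. */
static int canary_intact(const struct toy_cache *c) {
    uint32_t v;
    memcpy(&v, c->arena + c->objsize, sizeof v);
    return v == CANARY;
}

/* Create the cache with the given element size, fill one request the way the
 * driver fills a whole struct, and report whether the neighbour survived. */
int store_request_ok(size_t objsize) {
    struct toy_cache *c = toy_cache_create(objsize);
    USER_REQ req = toy_cache_alloc(c, 0);
    memset(req, 0x41, sizeof *req);  /* writes sizeof(USER_REQ_STRUCT) bytes */
    int ok = canary_intact(c);
    free(c);
    return ok;
}
```

Calling store_request_ok(sizeof(USER_REQ)) reproduces the bug and returns 0; store_request_ok(sizeof(USER_REQ_STRUCT)) is the patched form and returns 1.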