[openib-general] Re: user_mad::ib_umad_read question
Michael S. Tsirkin
mst at mellanox.co.il
Thu May 19 09:48:10 PDT 2005
Quoting r. Hal Rosenstock <halr at voltaire.com>:
> Subject: user_mad::ib_umad_read question
>
> Hi,
>
> In ib_umad_read, there is currently (or soon to be something like) the
> following:
> ...
> packet = list_entry(file->recv_list.next, struct ib_umad_packet, list);
> list_del(&packet->list);
>
> spin_unlock_irq(&file->recv_lock);
>
> if (copy_to_user(buf, &packet->mad,
> min(count, packet->length +
> sizeof (struct ib_user_mad))))
> ret = -EFAULT;
> else
> ret = count;
>
> kfree(packet);
> return ret;
>
> Should the packet be thrown away because copy_to_user() fails ?
> Shouldn't it be placed back at the head of the list ? Unfortunately,
> that would mean holding the recv lock longer (through the duration of
> copy_to_user).
>
> -- Hal
copy_to_user might sleep so you cant call it under a spinlock.
Since the user is only hurting himself by passing an illegal address,
I'd think it doesnt hurt to drop the mad.
--
MST - Michael S. Tsirkin
More information about the general
mailing list