[openib-general] Re: user_mad::ib_umad_read question

Michael S. Tsirkin mst at mellanox.co.il
Thu May 19 09:48:10 PDT 2005


Quoting r. Hal Rosenstock <halr at voltaire.com>:
> Subject: user_mad::ib_umad_read question
> 
> Hi,
> 
> In ib_umad_read, there is currently (or soon to be something like) the
> following:
> 	...
>         packet = list_entry(file->recv_list.next, struct ib_umad_packet, list);
>         list_del(&packet->list);
> 
>         spin_unlock_irq(&file->recv_lock);
> 
>         if (copy_to_user(buf, &packet->mad,
>                          min(count, packet->length +
>                              sizeof (struct ib_user_mad))))
>                 ret = -EFAULT;
>         else
>                 ret = count;
> 
>         kfree(packet);
>         return ret;
> 
> Should the packet be thrown away because copy_to_user() fails ?
> Shouldn't it be placed back at the head of the list ? Unfortunately,
> that would mean holding the recv lock longer (through the duration of
> copy_to_user).
> 
> -- Hal

copy_to_user might sleep so you cant call it under a spinlock.

Since the user is only hurting himself by passing an illegal address,
I'd think it doesnt hurt to drop the mad.

-- 
MST - Michael S. Tsirkin



More information about the general mailing list