[openib-general] kernel oops

[Hal Rosenstock]

On Wed, 2005-08-31 at 19:56, Hal Rosenstock wrote: 
>  I'll work on a patch for this.

Here's a patch for this. Let me know if it works. [I tried it out and it
works for me.] If it does, the next question is how does the pointer get
trashed.

-- Hal

In ib_at_route_by_ip, validate IB device supplied in ib_at_ib_route
structure passed in.

Signed-off-by: Hal Rosenstock <halr at voltaire.com>

Index: at.c
===================================================================
--- at.c	(revision 3291)
+++ at.c	(working copy)
@@ -1369,11 +1369,30 @@ int ib_at_paths_by_route(struct ib_at_ib
 {
 	struct path_req *preq;
 	struct async *parent;
+	struct ib_at_dev *ib_dev, *e;
+	struct ipoib_dev_priv *priv;
+	int found = 0;
 	/* int r; */
 
 	if (!ib_route || npath <= 0 || !path_arr)
 		return -EINVAL;
 
+	/* If supplied, validate ib_device pointer in supplied ib_route */
+	if (ib_route->out_dev) {
+		for (ib_dev = ib_at_devs, e = ib_dev + IB_AT_MAX_DEV;
+			      ib_dev < e; ib_dev++) {
+			if (!ib_dev->netdev || !ib_dev->valid)
+				continue;
+			priv = ib_dev->netdev->priv;
+			if (priv->ca == ib_route->out_dev) {
+				found = 1;
+				break;
+			}
+		}
+		if (!found)
+			return -EINVAL;
+	}
+
 	if (!(preq = kmem_cache_alloc(path_req_cache, SLAB_KERNEL)))
 		return -ENOMEM;
 
@@ -1475,6 +1494,7 @@ EXPORT_SYMBOL(ib_at_ips_by_subnet);
 
 int ib_at_invalidate_paths(struct ib_at_ib_route *ib_route)
 {
+	/* Need to validate ib_route->out_dev if supplied */
 	return 0;	/* no caching for now */
 }
 EXPORT_SYMBOL(ib_at_invalidate_paths);