[ofw] [PATCH] Fix TO_LONG_PTR use in IOCTLs
Fab Tillier
ftillier at windows.microsoft.com
Fri Jul 11 16:58:24 PDT 2008
Some IOCTLs transfer API structures with embedded pointers. These embedded pointers use the TO_LONG_PTR macro to pad everything out so that __ptr64 isn't used. The idea here is fine, but the change to eliminate the __ptr64 was riddled with problems that weren't caught by the find/replace brute force code changes.
Specifically, you had code like this:
>core\al\user\ual_mr.c, ual_reg_mem at 67
>
> /* Clear the mr_ioctl */
> cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );
In theory, no uninitialized upper 32-bits of a TO_LONG_PTR structure would get sent to the kernel.
> mr_ioctl.in.h_pd = h_pd->obj.hdl;
> mr_ioctl.in.mem_create = *p_mr_create;
Oops, the mem_create in the IOCTL buffer was overwritten with the caller's structure, which may have uninitialized padding. This isn't subsequently cleared, effectively defeating the purpose of the memclr.
>+ mr_ioctl.in.mem_create.vaddr_padding = (ULONG_PTR)p_mr_create->vaddr;
Pretty much every instance of embedded structures in IOCTLs was broken in this way. There were cases where things were closer to being right:
>core\al\user\ual_qp.c, ual_create_qp at 313
> */
> qp_ioctl.in.h_pd = h_pd->obj.hdl;
> qp_ioctl.in.qp_create = *p_qp_create;
Ok, same copy issue as above...
> qp_ioctl.in.qp_create.h_rq_cq =
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);
> qp_ioctl.in.qp_create.h_sq_cq =
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);
Ah, close but not quite - you have the assignment, but it only assigns the pointer part of the TO_LONG_PTR union. The padding is still a copy of the user's structure, potentially giving an invalid handle in the kernel. All uses of HDL_TO_PTR were eliminated as they didn't actually accomplish anything.
This patch fixes this, and always uses the 'padding' field of the TO_LONG_PTR union so that the value is always fully set.
There's also a bug fixed in UD work requests that get sent via IOCTL - the AV handle was never swizzled to its appropriate kernel handle.
Signed-off-by: Fab Tillier <ftillier at microsoft.com>
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\kernel\al_ndi_cm.c trunk\core\al\kernel\al_ndi_cm.c
--- old\core\al\kernel\al_ndi_cm.c Fri Jul 11 16:24:31 2008
+++ trunk\core\al\kernel\al_ndi_cm.c Fri Jul 11 16:51:24 2008
@@ -643,7 +643,7 @@ __ndi_proc_dreq(
static void
__ndi_proc_rej(
IN ib_qp_handle_t const h_qp,
- IN const mad_cm_rej_t* const p_rej )
+ IN const mad_cm_rej_t* const p_rej )
{
KIRQL irql;
IRP* p_irp;
@@ -1158,7 +1158,7 @@ exit:
if( p_query_rec->p_result_mad )
ib_put_mad( p_query_rec->p_result_mad );
- deref_al_obj( &h_qp->obj ); /* release path query reference */
+ deref_al_obj( &h_qp->obj ); /* release path query reference */
AL_EXIT( AL_DBG_NDI );
}
@@ -1208,7 +1208,7 @@ __ndi_pr_query(
{
h_qp->p_irp_queue->state = NDI_CM_IDLE;
AL_PRINT_EXIT( TRACE_LEVEL_ERROR, AL_DBG_ERROR, ("ib_query failed (%d)\n", status) );
- deref_al_obj( &h_qp->obj ); /* release path query reference */
+ deref_al_obj( &h_qp->obj ); /* release path query reference */
return ib_to_ntstatus( status );
}
@@ -1437,7 +1437,7 @@ exit:
static void
__ndi_fill_cm_rep(
IN ib_qp_handle_t const h_qp,
- IN ual_ndi_rep_cm_ioctl_in_t *p_rep,
+ IN ual_ndi_rep_cm_ioctl_in_t *p_rep,
OUT ib_cm_rep_t *p_cm_rep)
{
AL_ENTER( AL_DBG_NDI );
@@ -1676,6 +1676,4 @@ ndi_dreq_cm(
AL_EXIT( AL_DBG_NDI );
return status;
}
-
-
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\kernel\al_proxy.c trunk\core\al\kernel\al_proxy.c
--- old\core\al\kernel\al_proxy.c Fri Jul 11 16:25:08 2008
+++ trunk\core\al\kernel\al_proxy.c Fri Jul 11 16:51:24 2008
@@ -776,7 +776,7 @@ __proxy_pnp_cb(
break;
}
- p_evt_rec->pnp.h_pnp = (ib_pnp_handle_t)HDL_TO_PTR(p_pnp_rec->h_pnp->obj.hdl);
+ p_evt_rec->pnp.h_pnp_padding = p_pnp_rec->h_pnp->obj.hdl;
p_pnp_rec->h_pnp->obj.hdl_valid = TRUE;
hdl =
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\kernel\al_proxy_cep.c trunk\core\al\kernel\al_proxy_cep.c
--- old\core\al\kernel\al_proxy_cep.c Fri Jul 11 16:25:08 2008
+++ trunk\core\al\kernel\al_proxy_cep.c Fri Jul 11 16:51:24 2008
@@ -206,7 +206,7 @@ proxy_cep_pre_req(
/* Get the kernel QP handle. */
h_qp = (ib_qp_handle_t)al_hdl_ref(
- p_context->h_al, (uint64_t)p_ioctl->in.cm_req.h_qp, AL_OBJ_TYPE_H_QP );
+ p_context->h_al, p_ioctl->in.cm_req.h_qp_padding, AL_OBJ_TYPE_H_QP );
if( !h_qp )
{
p_ioctl->out.status = IB_INVALID_QP_HANDLE;
@@ -292,7 +292,7 @@ proxy_cep_pre_rep(
/* Get the kernel QP handle. */
h_qp = (ib_qp_handle_t)al_hdl_ref(
- p_context->h_al, (uint64_t)p_ioctl->in.cm_rep.h_qp, AL_OBJ_TYPE_H_QP );
+ p_context->h_al, p_ioctl->in.cm_rep.h_qp_padding, AL_OBJ_TYPE_H_QP );
if( !h_qp )
{
p_ioctl->out.status = IB_INVALID_QP_HANDLE;
@@ -553,7 +553,7 @@ proxy_cep_lap(
/* Get the kernel QP handle. */
h_qp = (ib_qp_handle_t)al_hdl_ref(
- p_context->h_al, (uint64_t)p_ioctl->cm_lap.h_qp, AL_OBJ_TYPE_H_QP );
+ p_context->h_al, p_ioctl->cm_lap.h_qp_padding, AL_OBJ_TYPE_H_QP );
if( !h_qp )
{
status = IB_INVALID_QP_HANDLE;
@@ -606,7 +606,7 @@ proxy_cep_pre_apr(
/* Get the kernel QP handle. */
h_qp = (ib_qp_handle_t)al_hdl_ref(
- p_context->h_al, (uint64_t)p_ioctl->in.cm_apr.h_qp, AL_OBJ_TYPE_H_QP );
+ p_context->h_al, p_ioctl->in.cm_apr.h_qp_padding, AL_OBJ_TYPE_H_QP );
if( !h_qp )
{
p_ioctl->out.status = IB_INVALID_QP_HANDLE;
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\kernel\al_proxy_verbs.c trunk\core\al\kernel\al_proxy_verbs.c
--- old\core\al\kernel\al_proxy_verbs.c Fri Jul 11 16:25:08 2008
+++ trunk\core\al\kernel\al_proxy_verbs.c Fri Jul 11 16:51:24 2008
@@ -350,7 +350,7 @@ proxy_ca_err_cb(
cb_info.rec_type = CA_ERROR_REC;
/* Return the Proxy's open_ca handle and the user's context */
cb_info.ioctl_rec.event_rec = *p_err_rec;
- cb_info.ioctl_rec.event_rec.handle.h_ca = (ib_ca_handle_t)HDL_TO_PTR(h_ca->obj.hdl);
+ cb_info.ioctl_rec.event_rec.handle.h_ca_padding = h_ca->obj.hdl;
/* The proxy handle must be valid now. */
if( !h_ca->obj.hdl_valid )
@@ -987,7 +987,7 @@ proxy_srq_err_cb(
cb_info.rec_type = SRQ_ERROR_REC;
/* Return the Proxy's SRQ handle and the user's context */
cb_info.ioctl_rec.event_rec = *p_err_rec;
- cb_info.ioctl_rec.event_rec.handle.h_srq = (ib_srq_handle_t) HDL_TO_PTR(h_srq->obj.hdl);
+ cb_info.ioctl_rec.event_rec.handle.h_srq_padding = h_srq->obj.hdl;
/* The proxy handle must be valid now. */
if( !h_srq->obj.hdl_valid )
@@ -1291,7 +1291,7 @@ proxy_qp_err_cb(
cb_info.rec_type = QP_ERROR_REC;
/* Return the Proxy's QP handle and the user's context */
cb_info.ioctl_rec.event_rec = *p_err_rec;
- cb_info.ioctl_rec.event_rec.handle.h_qp = (ib_qp_handle_t)HDL_TO_PTR(h_qp->obj.hdl);
+ cb_info.ioctl_rec.event_rec.handle.h_qp_padding = h_qp->obj.hdl;
/* The proxy handle must be valid now. */
if( !h_qp->obj.hdl_valid )
@@ -1345,12 +1345,12 @@ proxy_create_qp(
h_pd = (ib_pd_handle_t)
al_hdl_ref( p_context->h_al, p_ioctl->in.h_pd, AL_OBJ_TYPE_H_PD );
h_sq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,
- (uint64_t)p_ioctl->in.qp_create.h_sq_cq, AL_OBJ_TYPE_H_CQ );
+ p_ioctl->in.qp_create.h_sq_cq_padding, AL_OBJ_TYPE_H_CQ );
h_rq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,
- (uint64_t)p_ioctl->in.qp_create.h_rq_cq, AL_OBJ_TYPE_H_CQ );
+ p_ioctl->in.qp_create.h_rq_cq_padding, AL_OBJ_TYPE_H_CQ );
if (p_ioctl->in.qp_create.h_srq) {
h_srq = (ib_srq_handle_t)al_hdl_ref( p_context->h_al,
- (uint64_t)p_ioctl->in.qp_create.h_srq, AL_OBJ_TYPE_H_SRQ );
+ p_ioctl->in.qp_create.h_srq_padding, AL_OBJ_TYPE_H_SRQ );
if( !h_srq)
{
status = IB_INVALID_SRQ_HANDLE;
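Review bot: `if (p_ioctl->in.qp_create.h_srq)` still tests the pointer view of the union while the lookup below it now reads `h_srq_padding`, so the presence test and the handle lookup can disagree whenever the two views differ in width (a 32-bit kernel would see only part of the value through the pointer). Testing the value that is actually looked up, `if( p_ioctl->in.qp_create.h_srq_padding )`, keeps the two consistent. The results of the `h_sq_cq` and `h_rq_cq` lookups are checked outside this hunk, so that part cannot be confirmed from here.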
@@ -1490,26 +1490,24 @@ proxy_query_qp(
{
if( p_ioctl->out.attr.h_pd )
{
- p_ioctl->out.attr.h_pd =
- (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);
+ p_ioctl->out.attr.h_pd_padding = p_ioctl->out.attr.h_pd->obj.hdl;
}
if( p_ioctl->out.attr.h_sq_cq )
{
- p_ioctl->out.attr.h_sq_cq =
- (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_sq_cq->obj.hdl);
+ p_ioctl->out.attr.h_sq_cq_padding =
+ p_ioctl->out.attr.h_sq_cq->obj.hdl;
}
if( p_ioctl->out.attr.h_rq_cq )
{
- p_ioctl->out.attr.h_rq_cq =
- (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_rq_cq->obj.hdl);
+ p_ioctl->out.attr.h_rq_cq_padding =
+ p_ioctl->out.attr.h_rq_cq->obj.hdl;
}
if( p_ioctl->out.attr.h_srq )
{
- p_ioctl->out.attr.h_srq =
- (ib_srq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_srq->obj.hdl);
+ p_ioctl->out.attr.h_srq_padding = p_ioctl->out.attr.h_srq->obj.hdl;
}
}
else
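Review bot: Each branch writes the `_padding` view only when the pointer view is non-NULL, so for a NULL `h_pd`, `h_sq_cq`, `h_rq_cq` or `h_srq` the full 64-bit member is left as it was and is returned to user mode that way. On a build where the pointer is narrower than the padding, the upper half is then whatever the buffer held, which is the same partially set value this patch removes elsewhere. An `else` that stores 0 for each of the four, e.g. `else p_ioctl->out.attr.h_srq_padding = 0;`, would make the output fully defined. Whether the output buffer is cleared earlier in proxy_query_qp is not visible in this hunk.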
@@ -2044,7 +2042,7 @@ proxy_cq_err_cb(
cb_info.rec_type = CQ_ERROR_REC;
/* Return the Proxy's cq handle and the user's context */
cb_info.ioctl_rec.event_rec = *p_err_rec;
- cb_info.ioctl_rec.event_rec.handle.h_cq = (ib_cq_handle_t)HDL_TO_PTR(h_cq->obj.hdl);
+ cb_info.ioctl_rec.event_rec.handle.h_cq_padding = h_cq->obj.hdl;
/* The proxy handle must be valid now. */
if( !h_cq->obj.hdl_valid )
@@ -2358,7 +2356,7 @@ proxy_post_send(
{
/* Validate the AV handle for UD */
h_av = (ib_av_handle_t)al_hdl_ref( p_context->h_al,
- (uint64_t)p_wr[i].dgrm.ud.h_av, AL_OBJ_TYPE_H_AV );
+ p_wr[i].dgrm.ud.h_av_padding, AL_OBJ_TYPE_H_AV );
if( !h_av )
{
status = IB_INVALID_AV_HANDLE;
@@ -3039,8 +3037,7 @@ proxy_query_mr(
if( status == IB_SUCCESS )
{
/* Replace the pd handle with proxy's handle */
- p_ioctl->out.attr.h_pd =
- (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);
+ p_ioctl->out.attr.h_pd_padding = p_ioctl->out.attr.h_pd->obj.hdl;
}
else
{
@@ -3484,7 +3481,7 @@ proxy_bind_mw(
/* Validate MR handle */
h_mr = (ib_mr_handle_t)al_hdl_ref( p_context->h_al,
- (uint64_t)p_ioctl->in.mw_bind.h_mr, AL_OBJ_TYPE_H_MR );
+ p_ioctl->in.mw_bind.h_mr_padding, AL_OBJ_TYPE_H_MR );
if( !h_mr )
{
status = IB_INVALID_MR_HANDLE;
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_cm_cep.c trunk\core\al\user\ual_cm_cep.c
--- old\core\al\user\ual_cm_cep.c Fri Jul 11 16:25:08 2008
+++ trunk\core\al\user\ual_cm_cep.c Fri Jul 11 16:51:24 2008
@@ -449,7 +449,7 @@ al_cep_listen(
DWORD bytes_ret;
AL_ENTER( AL_DBG_CM );
- cl_memclr(&ioctl, sizeof(ioctl));
+
if( !h_al )
{
AL_EXIT( AL_DBG_CM );
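Review bot: Dropping `cl_memclr(&ioctl, sizeof(ioctl));` here means every member the later code does not assign, plus compiler padding and (presumably) the tail of `ioctl.compare` past `cmp_len`, reaches the kernel as whatever was on the user-mode stack. The struct copy only defeated the clear for the embedded structure, not for the rest of the buffer, so I would keep the clear and add the explicit `_padding` assignments on top of it. The same removal appears in al_cep_pre_req, al_cep_pre_rep, al_cep_rtu, al_cep_rej, al_cep_mra, al_cep_lap, al_cep_pre_apr, al_cep_dreq and ual_reg_mem. The function body continues outside this hunk, so whether every remaining member is assigned before the IOCTL cannot be confirmed from here.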
@@ -464,6 +464,7 @@ al_cep_listen(
ioctl.cid = cid;
ioctl.cep_listen = *p_listen_info;
+ ioctl.cep_listen.p_cmp_buf_padding = 0;
if( p_listen_info->p_cmp_buf )
{
if( p_listen_info->cmp_len > IB_REQ_PDATA_SIZE )
@@ -473,6 +474,7 @@ al_cep_listen(
return IB_INVALID_SETTING;
}
+ ioctl.cep_listen.p_cmp_buf_padding = 1;
cl_memcpy( ioctl.compare, p_listen_info->p_cmp_buf,
p_listen_info->cmp_len );
}
@@ -520,14 +522,19 @@ al_cep_pre_req(
AL_EXIT( AL_DBG_ERROR );
return IB_INVALID_PARAMETER;
}
- cl_memclr(&ioctl, sizeof(ioctl));
+
ioctl.in.cid = cid;
ioctl.in.cm_req = *p_cm_req;
- ioctl.in.cm_req.h_qp = (ib_qp_handle_t) HDL_TO_PTR(p_cm_req->h_qp->obj.hdl);
+ ioctl.in.cm_req.h_qp_padding = p_cm_req->h_qp->obj.hdl;
ioctl.in.paths[0] = *(p_cm_req->p_primary_path);
+ ioctl.in.cm_req.p_alt_path_padding = 0;
if( p_cm_req->p_alt_path )
+ {
+ ioctl.in.cm_req.p_alt_path_padding = 1;
ioctl.in.paths[1] = *(p_cm_req->p_alt_path);
+ }
/* Copy private data, if any. */
+ ioctl.in.cm_req.p_req_pdata_padding = 0;
if( p_cm_req->p_req_pdata )
{
if( p_cm_req->req_length > IB_REQ_PDATA_SIZE )
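Review bot: After `ioctl.in.cm_req = *p_cm_req;` the hunk normalises `p_alt_path`, `p_req_pdata` and `p_compare_buffer`, but `p_primary_path` keeps the caller's bits, including an unset upper half in a 32-bit process, if it is also declared through TO_LONG_PTR (the declaration is not in this patch). If so, give it the same treatment as the other three, or document next to the copy that the kernel proxy ignores it and reads `paths[0]` instead. The same question applies to `p_alt_path` in al_cep_lap, where `ioctl.alt_path` is copied but no padding is set. The 0/1 values stored in the `_padding` members are presence flags rather than addresses; a one-line comment such as `/* non-zero only flags presence; the data travels in the IOCTL buffer */` would keep a later reader from treating them as pointers.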
@@ -537,11 +544,13 @@ al_cep_pre_req(
return IB_INVALID_SETTING;
}
+ ioctl.in.cm_req.p_req_pdata_padding = 1;
cl_memcpy( ioctl.in.pdata, p_cm_req->p_req_pdata,
p_cm_req->req_length );
}
/* Copy compare data, if any. */
+ ioctl.in.cm_req.p_compare_buffer_padding = 0;
if( p_cm_req->p_compare_buffer )
{
if( p_cm_req->compare_length > IB_REQ_PDATA_SIZE )
@@ -551,6 +560,7 @@ al_cep_pre_req(
return IB_INVALID_SETTING;
}
+ ioctl.in.cm_req.p_compare_buffer_padding = 1;
cl_memcpy( ioctl.in.compare, p_cm_req->p_compare_buffer,
p_cm_req->compare_length );
}
@@ -635,7 +645,6 @@ al_cep_pre_rep(
AL_EXIT( AL_DBG_ERROR );
return IB_INVALID_PARAMETER;
}
- cl_memclr(&ioctl, sizeof (ioctl));
/* Store the context for the CEP. */
cl_spinlock_acquire( &gp_cep_mgr->obj.lock );
@@ -652,8 +661,9 @@ al_cep_pre_rep(
ioctl.in.context = (ULONG_PTR)context;
ioctl.in.cid = cid;
ioctl.in.cm_rep = *p_cm_rep;
- ioctl.in.cm_rep.h_qp = (ib_qp_handle_t)HDL_TO_PTR(p_cm_rep->h_qp->obj.hdl);
+ ioctl.in.cm_rep.h_qp_padding = p_cm_rep->h_qp->obj.hdl;
/* Copy private data, if any. */
+ ioctl.in.cm_rep.p_rep_pdata_padding = 0;
if( p_cm_rep->p_rep_pdata )
{
if( p_cm_rep->rep_length > IB_REP_PDATA_SIZE )
@@ -663,6 +673,7 @@ al_cep_pre_rep(
return IB_INVALID_SETTING;
}
+ ioctl.in.cm_rep.p_rep_pdata_padding = 1;
cl_memcpy( ioctl.in.pdata, p_cm_rep->p_rep_pdata,
p_cm_rep->rep_length );
}
@@ -823,7 +834,7 @@ al_cep_rtu(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_HANDLE;
}
- cl_memclr(&ioctl, sizeof(ioctl));
+
ioctl.cid = cid;
/* Copy private data, if any. */
if( p_pdata )
@@ -874,7 +885,7 @@ al_cep_rej(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_HANDLE;
}
- cl_memclr(&ioctl, sizeof(ioctl));
+
ioctl.cid = cid;
ioctl.rej_status = rej_status;
if( p_ari )
@@ -948,9 +959,10 @@ al_cep_mra(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_HANDLE;
}
- cl_memclr(&ioctl, sizeof (ioctl));
+
ioctl.cid = cid;
ioctl.cm_mra = *p_cm_mra;
+ ioctl.cm_mra.p_mra_pdata_padding = 0;
/* Copy private data, if any. */
if( p_cm_mra->p_mra_pdata )
{
@@ -961,6 +973,7 @@ al_cep_mra(
return IB_INVALID_SETTING;
}
+ ioctl.cm_mra.p_mra_pdata_padding = 1;
cl_memcpy(
ioctl.pdata, p_cm_mra->p_mra_pdata, p_cm_mra->mra_length );
}
@@ -1008,12 +1021,13 @@ al_cep_lap(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_HANDLE;
}
- cl_memclr(&ioctl,sizeof (ioctl));
+
ioctl.cid = cid;
ioctl.cm_lap = *p_cm_lap;
- ioctl.cm_lap.h_qp = (ib_qp_handle_t) HDL_TO_PTR(p_cm_lap->h_qp->obj.hdl);
+ ioctl.cm_lap.h_qp_padding = p_cm_lap->h_qp->obj.hdl;
ioctl.alt_path = *(p_cm_lap->p_alt_path);
/* Copy private data, if any. */
+ ioctl.cm_lap.p_lap_pdata_padding = 0;
if( p_cm_lap->p_lap_pdata )
{
if( p_cm_lap->lap_length > IB_LAP_PDATA_SIZE )
@@ -1023,6 +1037,7 @@ al_cep_lap(
return IB_INVALID_SETTING;
}
+ ioctl.cm_lap.p_lap_pdata_padding = 1;
cl_memcpy(
ioctl.pdata, p_cm_lap->p_lap_pdata, p_cm_lap->lap_length );
}
@@ -1064,10 +1079,11 @@ al_cep_pre_apr(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_PARAMETER;
}
- cl_memclr(&ioctl, sizeof (ioctl));
+
ioctl.in.cid = cid;
ioctl.in.cm_apr = *p_cm_apr;
- ioctl.in.cm_apr.h_qp = (ib_qp_handle_t)HDL_TO_PTR(p_cm_apr->h_qp->obj.hdl);
+ ioctl.in.cm_apr.h_qp_padding = p_cm_apr->h_qp->obj.hdl;
+ ioctl.in.cm_apr.p_info_padding = 0;
if( p_cm_apr->p_info )
{
if( p_cm_apr->info_length > IB_APR_INFO_SIZE )
@@ -1077,19 +1093,22 @@ al_cep_pre_apr(
return IB_INVALID_SETTING;
}
+ ioctl.in.cm_apr.p_info_padding = 1;
cl_memcpy(
ioctl.in.apr_info, p_cm_apr->p_info, p_cm_apr->info_length );
}
/* Copy private data, if any. */
+ ioctl.in.cm_apr.p_apr_pdata_padding = 0;
if( p_cm_apr->p_apr_pdata )
{
- if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE) //TODO ??????
+ if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE )
{
AL_PRINT_EXIT(TRACE_LEVEL_ERROR ,AL_DBG_ERROR,
("private data larger than APR private data.\n") );
return IB_INVALID_SETTING;
}
+ ioctl.in.cm_apr.p_apr_pdata_padding = 1;
cl_memcpy(
ioctl.in.pdata, p_cm_apr->p_apr_pdata, p_cm_apr->apr_length );
}
@@ -1159,7 +1178,7 @@ al_cep_dreq(
AL_EXIT( AL_DBG_CM );
return IB_INVALID_HANDLE;
}
- cl_memclr(&ioctl, sizeof(ioctl));
+
ioctl.cid = cid;
/* Copy private data, if any. */
if( p_pdata )
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_mr.c trunk\core\al\user\ual_mr.c
--- old\core\al\user\ual_mr.c Tue Jul 01 10:36:06 2008
+++ trunk\core\al\user\ual_mr.c Fri Jul 11 16:51:24 2008
@@ -65,11 +65,9 @@ ual_reg_mem(
AL_ENTER( AL_DBG_MR );
- /* Clear the mr_ioctl */
- cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );
-
mr_ioctl.in.h_pd = h_pd->obj.hdl;
mr_ioctl.in.mem_create = *p_mr_create;
+ mr_ioctl.in.mem_create.vaddr_padding = (ULONG_PTR)p_mr_create->vaddr;
cl_status = do_al_dev_ioctl( UAL_REG_MR,
&mr_ioctl.in, sizeof(mr_ioctl.in), &mr_ioctl.out, sizeof(mr_ioctl.out),
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_mw.c trunk\core\al\user\ual_mw.c
--- old\core\al\user\ual_mw.c Fri Jul 11 16:25:07 2008
+++ trunk\core\al\user\ual_mw.c Fri Jul 11 16:51:24 2008
@@ -280,7 +280,7 @@ ual_bind_mw(
mw_ioctl.in.h_mw = h_mw->obj.hdl;
mw_ioctl.in.h_qp = h_qp->obj.hdl;
mw_ioctl.in.mw_bind = *p_mw_bind;
- mw_ioctl.in.mw_bind.h_mr = (ib_mr_handle_t) HDL_TO_PTR(p_mw_bind->h_mr->obj.hdl);
+ mw_ioctl.in.mw_bind.h_mr_padding = p_mw_bind->h_mr->obj.hdl;
cl_status = do_al_dev_ioctl( UAL_BIND_MW,
&mw_ioctl.in, sizeof(mw_ioctl.in), &mw_ioctl.out, sizeof(mw_ioctl.out),
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_qp.c trunk\core\al\user\ual_qp.c
--- old\core\al\user\ual_qp.c Fri Jul 11 16:25:08 2008
+++ trunk\core\al\user\ual_qp.c Fri Jul 11 16:51:24 2008
@@ -115,7 +115,14 @@ ual_post_send(
num_wr = 0;
for( p_wr = p_send_wr; p_wr; p_wr = p_wr->p_next )
{
- p_qp_ioctl->in.send_wr[num_wr++] = *p_wr;
+ /* pNext and pDs pointer is set by the kernel proxy. */
+ p_qp_ioctl->in.send_wr[num_wr] = *p_wr;
+ if( h_qp->type == IB_QPT_UNRELIABLE_DGRM )
+ {
+ p_qp_ioctl->in.send_wr[num_wr].dgrm.ud.h_av_padding =
+ p_wr->dgrm.ud.h_av->obj.hdl;
+ }
+ num_wr++;
cl_memcpy(
p_ds, p_wr->ds_array, sizeof(ib_local_ds_t) * p_wr->num_ds );
p_ds += p_wr->num_ds;
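Review bot: The new UD branch dereferences `p_wr->dgrm.ud.h_av` without a NULL check, so a work request with a missing address vector now faults in the user-mode library instead of reaching the kernel's `IB_INVALID_AV_HANDLE` path. A guard before the assignment that fails the call with that status would keep the failure mode unchanged. The swizzle is also keyed on `IB_QPT_UNRELIABLE_DGRM` only, and the condition around the matching `al_hdl_ref` in proxy_post_send is outside its hunk. Confirm both sides test the same set of QP types, otherwise the kernel lookup would be handed a raw user pointer value instead of a handle. The loop and its cleanup continue outside this hunk.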
@@ -222,6 +229,7 @@ ual_post_recv(
num_wr = 0;
for( p_wr = p_recv_wr; p_wr; p_wr = p_wr->p_next )
{
+ /* pNext and pDs pointer is set by the kernel proxy. */
p_qp_ioctl->in.recv_wr[num_wr++] = *p_wr;
cl_memcpy(
p_ds, p_wr->ds_array, sizeof(ib_local_ds_t) * p_wr->num_ds );
@@ -313,13 +321,12 @@ ual_create_qp(
*/
qp_ioctl.in.h_pd = h_pd->obj.hdl;
qp_ioctl.in.qp_create = *p_qp_create;
- qp_ioctl.in.qp_create.h_rq_cq =
- (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);
- qp_ioctl.in.qp_create.h_sq_cq =
- (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);
+ qp_ioctl.in.qp_create.h_rq_cq_padding = p_qp_create->h_rq_cq->obj.hdl;
+ qp_ioctl.in.qp_create.h_sq_cq_padding = p_qp_create->h_sq_cq->obj.hdl;
if (p_qp_create->h_srq)
- qp_ioctl.in.qp_create.h_srq =
- (ib_srq_handle_t)HDL_TO_PTR(p_qp_create->h_srq->obj.hdl);
+ {
+ qp_ioctl.in.qp_create.h_srq_padding = p_qp_create->h_srq->obj.hdl;
+ }
qp_ioctl.in.context = (ULONG_PTR)h_qp;
qp_ioctl.in.ev_notify = (h_qp->pfn_event_cb != NULL) ? TRUE : FALSE;
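Review bot: When `p_qp_create->h_srq` is NULL nothing overwrites `qp_ioctl.in.qp_create.h_srq_padding`, so it still holds the bits copied by `qp_ioctl.in.qp_create = *p_qp_create;`, whose upper half is unset in a 32-bit caller. The kernel proxy tests the `h_srq` view of the same union to decide whether to look up an SRQ, so stale upper bits can turn a QP without an SRQ into an `IB_INVALID_SRQ_HANDLE` failure. Adding `else qp_ioctl.in.qp_create.h_srq_padding = 0;` closes that case, in the same way the CEP paths in this patch store 0 before their tests.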
diff -up -r -X trunk\docs\dontdiff.txt -I \$Id: old\inc\iba\ib_types.h trunk\inc\iba\ib_types.h
--- old\inc\iba\ib_types.h Fri Jul 11 16:25:07 2008
+++ trunk\inc\iba\ib_types.h Fri Jul 11 16:51:24 2008
@@ -40,7 +40,6 @@
#include <complib/cl_types.h>
#include <complib/cl_byteswap.h>
-#define HDL_TO_PTR(hdl) Handle64ToHandle( (void * __ptr64) (hdl))
#pragma warning( disable : 4201) //nameless union/structure
-------------- next part --------------
A non-text attachment was scrubbed...
Name: padding.patch
Type: application/octet-stream
Size: 17820 bytes
Desc: padding.patch
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20080711/f6c0b3c9/attachment.obj>