[ofw] [PATCH] Fix TO_LONG_PTR use in IOCTLs
Leonid Keller
leonid at mellanox.co.il
Sun Jul 13 04:00:36 PDT 2008
Applied in 1387. Thank you.
> -----Original Message-----
> From: ofw-bounces at lists.openfabrics.org
> [mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Fab Tillier
> Sent: Saturday, July 12, 2008 2:58 AM
> To: ofw at lists.openfabrics.org
> Subject: [ofw] [PATCH] Fix TO_LONG_PTR use in IOCTLs
>
> Some IOCTLs transfer API structures with embedded pointers.
> These embedded pointers use the TO_LONG_PTR macro to pad
> everything out so that __ptr64 isn't used. The idea here is
> fine, but the change to eliminate the __ptr64 was riddled
> with problems that weren't caught by the find/replace brute
> force code changes.
>
> Specifically, you had code like this:
>
> >core\al\user\ual_mr.c, ual_reg_mem at 67
> >
> > /* Clear the mr_ioctl */
> > cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );
>
> In theory, no uninitialized upper 32-bits of a TO_LONG_PTR
> structure would get sent to the kernel.
>
> > mr_ioctl.in.h_pd = h_pd->obj.hdl;
> > mr_ioctl.in.mem_create = *p_mr_create;
>
> Oops, the mem_create in the IOCTL buffer was overwritten with
> the caller's structure, which may have uninitialized padding.
> This isn't subsequently cleared, effectively defeating the
> purpose of the memclr.
>
> >+ mr_ioctl.in.mem_create.vaddr_padding =
> >+ (ULONG_PTR)p_mr_create->vaddr;
>
> Pretty much every instance of embedded structures in IOCTLs
> was broken in this way. There were cases where things were
> closer to being right:
>
> >core\al\user\ual_qp.c, ual_create_qp at 313
> > */
> > qp_ioctl.in.h_pd = h_pd->obj.hdl;
> > qp_ioctl.in.qp_create = *p_qp_create;
>
> Ok, same copy issue as above...
>
> > qp_ioctl.in.qp_create.h_rq_cq =
> >
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);
> > qp_ioctl.in.qp_create.h_sq_cq =
> >
> > (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);
>
> Ah, close but not quite - you have the assignment, but it
> only assigns the pointer part of the TO_LONG_PTR union. The
> padding is still a copy of the user's structure, potentially
> giving an invalid handle in the kernel. All uses of
> HDL_TO_PTR were eliminated as they didn't actually accomplish
> anything.
>
> This patch fixes this, and always uses the 'padding' field of
> the TO_LONG_PTR union so that the value is always fully set.
>
> There's also a bug fixed in UD work requests that get sent
> via IOCTL - the AV handle was never swizzled to its
> appropriate kernel handle.
>
> Signed-off-by: Fab Tillier <ftillier at microsoft.com>
>
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\kernel\al_ndi_cm.c trunk\core\al\kernel\al_ndi_cm.c
> --- old\core\al\kernel\al_ndi_cm.c Fri Jul 11 16:24:31 2008
> +++ trunk\core\al\kernel\al_ndi_cm.c Fri Jul 11 16:51:24 2008
> @@ -643,7 +643,7 @@ __ndi_proc_dreq(
> static void
> __ndi_proc_rej(
> IN ib_qp_handle_t const
> h_qp,
> - IN const mad_cm_rej_t* const
> p_rej )
> + IN const mad_cm_rej_t* const
> p_rej )
> {
> KIRQL irql;
> IRP* p_irp;
> @@ -1158,7 +1158,7 @@ exit:
> if( p_query_rec->p_result_mad )
> ib_put_mad( p_query_rec->p_result_mad );
>
> - deref_al_obj( &h_qp->obj ); /* release path query
> reference */
> + deref_al_obj( &h_qp->obj ); /* release path query
> reference */
> AL_EXIT( AL_DBG_NDI );
> }
>
> @@ -1208,7 +1208,7 @@ __ndi_pr_query(
> {
> h_qp->p_irp_queue->state = NDI_CM_IDLE;
> AL_PRINT_EXIT( TRACE_LEVEL_ERROR,
> AL_DBG_ERROR, ("ib_query failed (%d)\n", status) );
> - deref_al_obj( &h_qp->obj ); /* release
> path query reference */
> + deref_al_obj( &h_qp->obj ); /* release
> path query reference */
> return ib_to_ntstatus( status );
> }
>
> @@ -1437,7 +1437,7 @@ exit:
> static void
> __ndi_fill_cm_rep(
> IN ib_qp_handle_t const
> h_qp,
> - IN ual_ndi_rep_cm_ioctl_in_t
> *p_rep,
> + IN ual_ndi_rep_cm_ioctl_in_t
> *p_rep,
> OUT ib_cm_rep_t
> *p_cm_rep)
> {
> AL_ENTER( AL_DBG_NDI );
> @@ -1676,6 +1676,4 @@ ndi_dreq_cm(
> AL_EXIT( AL_DBG_NDI );
> return status;
> }
> -
> -
>
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\kernel\al_proxy.c trunk\core\al\kernel\al_proxy.c
> --- old\core\al\kernel\al_proxy.c Fri Jul 11 16:25:08 2008
> +++ trunk\core\al\kernel\al_proxy.c Fri Jul 11 16:51:24 2008
> @@ -776,7 +776,7 @@ __proxy_pnp_cb(
> break;
> }
>
> - p_evt_rec->pnp.h_pnp =
> (ib_pnp_handle_t)HDL_TO_PTR(p_pnp_rec->h_pnp->obj.hdl);
> + p_evt_rec->pnp.h_pnp_padding = p_pnp_rec->h_pnp->obj.hdl;
> p_pnp_rec->h_pnp->obj.hdl_valid = TRUE;
>
> hdl =
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\kernel\al_proxy_cep.c trunk\core\al\kernel\al_proxy_cep.c
> --- old\core\al\kernel\al_proxy_cep.c Fri Jul 11 16:25:08 2008
> +++ trunk\core\al\kernel\al_proxy_cep.c Fri Jul 11 16:51:24 2008
> @@ -206,7 +206,7 @@ proxy_cep_pre_req(
>
> /* Get the kernel QP handle. */
> h_qp = (ib_qp_handle_t)al_hdl_ref(
> - p_context->h_al,
> (uint64_t)p_ioctl->in.cm_req.h_qp, AL_OBJ_TYPE_H_QP );
> + p_context->h_al, p_ioctl->in.cm_req.h_qp_padding,
> + AL_OBJ_TYPE_H_QP );
> if( !h_qp )
> {
> p_ioctl->out.status = IB_INVALID_QP_HANDLE;
> @@ -292,7 +292,7 @@ proxy_cep_pre_rep(
>
> /* Get the kernel QP handle. */
> h_qp = (ib_qp_handle_t)al_hdl_ref(
> - p_context->h_al,
> (uint64_t)p_ioctl->in.cm_rep.h_qp, AL_OBJ_TYPE_H_QP );
> + p_context->h_al, p_ioctl->in.cm_rep.h_qp_padding,
> + AL_OBJ_TYPE_H_QP );
> if( !h_qp )
> {
> p_ioctl->out.status = IB_INVALID_QP_HANDLE;
> @@ -553,7 +553,7 @@ proxy_cep_lap(
>
> /* Get the kernel QP handle. */
> h_qp = (ib_qp_handle_t)al_hdl_ref(
> - p_context->h_al,
> (uint64_t)p_ioctl->cm_lap.h_qp, AL_OBJ_TYPE_H_QP );
> + p_context->h_al, p_ioctl->cm_lap.h_qp_padding,
> + AL_OBJ_TYPE_H_QP );
> if( !h_qp )
> {
> status = IB_INVALID_QP_HANDLE; @@ -606,7
> +606,7 @@ proxy_cep_pre_apr(
>
> /* Get the kernel QP handle. */
> h_qp = (ib_qp_handle_t)al_hdl_ref(
> - p_context->h_al,
> (uint64_t)p_ioctl->in.cm_apr.h_qp, AL_OBJ_TYPE_H_QP );
> + p_context->h_al, p_ioctl->in.cm_apr.h_qp_padding,
> + AL_OBJ_TYPE_H_QP );
> if( !h_qp )
> {
> p_ioctl->out.status = IB_INVALID_QP_HANDLE;
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\kernel\al_proxy_verbs.c
> trunk\core\al\kernel\al_proxy_verbs.c
> --- old\core\al\kernel\al_proxy_verbs.c Fri Jul 11 16:25:08 2008
> +++ trunk\core\al\kernel\al_proxy_verbs.c Fri Jul 11
> 16:51:24 2008
> @@ -350,7 +350,7 @@ proxy_ca_err_cb(
> cb_info.rec_type = CA_ERROR_REC;
> /* Return the Proxy's open_ca handle and the user's context */
> cb_info.ioctl_rec.event_rec = *p_err_rec;
> - cb_info.ioctl_rec.event_rec.handle.h_ca =
> (ib_ca_handle_t)HDL_TO_PTR(h_ca->obj.hdl);
> + cb_info.ioctl_rec.event_rec.handle.h_ca_padding =
> h_ca->obj.hdl;
>
> /* The proxy handle must be valid now. */
> if( !h_ca->obj.hdl_valid )
> @@ -987,7 +987,7 @@ proxy_srq_err_cb(
> cb_info.rec_type = SRQ_ERROR_REC;
> /* Return the Proxy's SRQ handle and the user's context */
> cb_info.ioctl_rec.event_rec = *p_err_rec;
> - cb_info.ioctl_rec.event_rec.handle.h_srq =
> (ib_srq_handle_t) HDL_TO_PTR(h_srq->obj.hdl);
> + cb_info.ioctl_rec.event_rec.handle.h_srq_padding =
> + h_srq->obj.hdl;
>
> /* The proxy handle must be valid now. */
> if( !h_srq->obj.hdl_valid )
> @@ -1291,7 +1291,7 @@ proxy_qp_err_cb(
> cb_info.rec_type = QP_ERROR_REC;
> /* Return the Proxy's QP handle and the user's context */
> cb_info.ioctl_rec.event_rec = *p_err_rec;
> - cb_info.ioctl_rec.event_rec.handle.h_qp =
> (ib_qp_handle_t)HDL_TO_PTR(h_qp->obj.hdl);
> + cb_info.ioctl_rec.event_rec.handle.h_qp_padding =
> h_qp->obj.hdl;
>
> /* The proxy handle must be valid now. */
> if( !h_qp->obj.hdl_valid )
> @@ -1345,12 +1345,12 @@ proxy_create_qp(
> h_pd = (ib_pd_handle_t)
> al_hdl_ref( p_context->h_al,
> p_ioctl->in.h_pd, AL_OBJ_TYPE_H_PD );
> h_sq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,
> - (uint64_t)p_ioctl->in.qp_create.h_sq_cq,
> AL_OBJ_TYPE_H_CQ );
> + p_ioctl->in.qp_create.h_sq_cq_padding,
> AL_OBJ_TYPE_H_CQ
> + );
> h_rq_cq = (ib_cq_handle_t)al_hdl_ref( p_context->h_al,
> - (uint64_t)p_ioctl->in.qp_create.h_rq_cq,
> AL_OBJ_TYPE_H_CQ );
> + p_ioctl->in.qp_create.h_rq_cq_padding,
> AL_OBJ_TYPE_H_CQ
> + );
> if (p_ioctl->in.qp_create.h_srq) {
> h_srq = (ib_srq_handle_t)al_hdl_ref( p_context->h_al,
> -
> (uint64_t)p_ioctl->in.qp_create.h_srq, AL_OBJ_TYPE_H_SRQ );
> + p_ioctl->in.qp_create.h_srq_padding,
> + AL_OBJ_TYPE_H_SRQ );
> if( !h_srq)
> {
> status = IB_INVALID_SRQ_HANDLE; @@
> -1490,26 +1490,24 @@ proxy_query_qp(
> {
> if( p_ioctl->out.attr.h_pd )
> {
> - p_ioctl->out.attr.h_pd =
> -
> (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);
> + p_ioctl->out.attr.h_pd_padding =
> + p_ioctl->out.attr.h_pd->obj.hdl;
> }
>
> if( p_ioctl->out.attr.h_sq_cq )
> {
> - p_ioctl->out.attr.h_sq_cq =
> -
> (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_sq_cq->obj.hdl);
> + p_ioctl->out.attr.h_sq_cq_padding =
> + p_ioctl->out.attr.h_sq_cq->obj.hdl;
> }
>
> if( p_ioctl->out.attr.h_rq_cq )
> {
> - p_ioctl->out.attr.h_rq_cq =
> -
> (ib_cq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_rq_cq->obj.hdl);
> + p_ioctl->out.attr.h_rq_cq_padding =
> + p_ioctl->out.attr.h_rq_cq->obj.hdl;
> }
>
> if( p_ioctl->out.attr.h_srq )
> {
> - p_ioctl->out.attr.h_srq =
> -
> (ib_srq_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_srq->obj.hdl);
> + p_ioctl->out.attr.h_srq_padding =
> + p_ioctl->out.attr.h_srq->obj.hdl;
> }
> }
> else
> @@ -2044,7 +2042,7 @@ proxy_cq_err_cb(
> cb_info.rec_type = CQ_ERROR_REC;
> /* Return the Proxy's cq handle and the user's context */
> cb_info.ioctl_rec.event_rec = *p_err_rec;
> - cb_info.ioctl_rec.event_rec.handle.h_cq =
> (ib_cq_handle_t)HDL_TO_PTR(h_cq->obj.hdl);
> + cb_info.ioctl_rec.event_rec.handle.h_cq_padding =
> h_cq->obj.hdl;
>
> /* The proxy handle must be valid now. */
> if( !h_cq->obj.hdl_valid )
> @@ -2358,7 +2356,7 @@ proxy_post_send(
> {
> /* Validate the AV handle for UD */
> h_av = (ib_av_handle_t)al_hdl_ref(
> p_context->h_al,
> -
> (uint64_t)p_wr[i].dgrm.ud.h_av, AL_OBJ_TYPE_H_AV );
> + p_wr[i].dgrm.ud.h_av_padding,
> + AL_OBJ_TYPE_H_AV );
> if( !h_av )
> {
> status =
> IB_INVALID_AV_HANDLE; @@ -3039,8 +3037,7 @@ proxy_query_mr(
> if( status == IB_SUCCESS )
> {
> /* Replace the pd handle with proxy's handle */
> - p_ioctl->out.attr.h_pd =
> -
> (ib_pd_handle_t)HDL_TO_PTR(p_ioctl->out.attr.h_pd->obj.hdl);
> + p_ioctl->out.attr.h_pd_padding =
> + p_ioctl->out.attr.h_pd->obj.hdl;
> }
> else
> {
> @@ -3484,7 +3481,7 @@ proxy_bind_mw(
>
> /* Validate MR handle */
> h_mr = (ib_mr_handle_t)al_hdl_ref( p_context->h_al,
> - (uint64_t)p_ioctl->in.mw_bind.h_mr,
> AL_OBJ_TYPE_H_MR );
> + p_ioctl->in.mw_bind.h_mr_padding, AL_OBJ_TYPE_H_MR );
> if( !h_mr )
> {
> status = IB_INVALID_MR_HANDLE; diff -up -r -X
> trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\user\ual_cm_cep.c trunk\core\al\user\ual_cm_cep.c
> --- old\core\al\user\ual_cm_cep.c Fri Jul 11 16:25:08 2008
> +++ trunk\core\al\user\ual_cm_cep.c Fri Jul 11 16:51:24 2008
> @@ -449,7 +449,7 @@ al_cep_listen(
> DWORD bytes_ret;
>
> AL_ENTER( AL_DBG_CM );
> - cl_memclr(&ioctl, sizeof(ioctl));
> +
> if( !h_al )
> {
> AL_EXIT( AL_DBG_CM );
> @@ -464,6 +464,7 @@ al_cep_listen(
>
> ioctl.cid = cid;
> ioctl.cep_listen = *p_listen_info;
> + ioctl.cep_listen.p_cmp_buf_padding = 0;
> if( p_listen_info->p_cmp_buf )
> {
> if( p_listen_info->cmp_len >
> IB_REQ_PDATA_SIZE ) @@ -473,6 +474,7 @@ al_cep_listen(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.cep_listen.p_cmp_buf_padding = 1;
> cl_memcpy( ioctl.compare, p_listen_info->p_cmp_buf,
> p_listen_info->cmp_len );
> }
> @@ -520,14 +522,19 @@ al_cep_pre_req(
> AL_EXIT( AL_DBG_ERROR );
> return IB_INVALID_PARAMETER;
> }
> - cl_memclr(&ioctl, sizeof(ioctl));
> +
> ioctl.in.cid = cid;
> ioctl.in.cm_req = *p_cm_req;
> - ioctl.in.cm_req.h_qp = (ib_qp_handle_t)
> HDL_TO_PTR(p_cm_req->h_qp->obj.hdl);
> + ioctl.in.cm_req.h_qp_padding = p_cm_req->h_qp->obj.hdl;
> ioctl.in.paths[0] = *(p_cm_req->p_primary_path);
> + ioctl.in.cm_req.p_alt_path_padding = 0;
> if( p_cm_req->p_alt_path )
> + {
> + ioctl.in.cm_req.p_alt_path_padding = 1;
> ioctl.in.paths[1] = *(p_cm_req->p_alt_path);
> + }
> /* Copy private data, if any. */
> + ioctl.in.cm_req.p_req_pdata_padding = 0;
> if( p_cm_req->p_req_pdata )
> {
> if( p_cm_req->req_length > IB_REQ_PDATA_SIZE
> ) @@ -537,11 +544,13 @@ al_cep_pre_req(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.in.cm_req.p_req_pdata_padding = 1;
> cl_memcpy( ioctl.in.pdata, p_cm_req->p_req_pdata,
> p_cm_req->req_length );
> }
>
> /* Copy compare data, if any. */
> + ioctl.in.cm_req.p_compare_buffer_padding = 0;
> if( p_cm_req->p_compare_buffer )
> {
> if( p_cm_req->compare_length >
> IB_REQ_PDATA_SIZE ) @@ -551,6 +560,7 @@ al_cep_pre_req(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.in.cm_req.p_compare_buffer_padding = 1;
> cl_memcpy( ioctl.in.compare,
> p_cm_req->p_compare_buffer,
> p_cm_req->compare_length );
> }
> @@ -635,7 +645,6 @@ al_cep_pre_rep(
> AL_EXIT( AL_DBG_ERROR );
> return IB_INVALID_PARAMETER;
> }
> - cl_memclr(&ioctl, sizeof (ioctl));
>
> /* Store the context for the CEP. */
> cl_spinlock_acquire( &gp_cep_mgr->obj.lock ); @@
> -652,8 +661,9 @@ al_cep_pre_rep(
> ioctl.in.context = (ULONG_PTR)context;
> ioctl.in.cid = cid;
> ioctl.in.cm_rep = *p_cm_rep;
> - ioctl.in.cm_rep.h_qp =
> (ib_qp_handle_t)HDL_TO_PTR(p_cm_rep->h_qp->obj.hdl);
> + ioctl.in.cm_rep.h_qp_padding = p_cm_rep->h_qp->obj.hdl;
> /* Copy private data, if any. */
> + ioctl.in.cm_rep.p_rep_pdata_padding = 0;
> if( p_cm_rep->p_rep_pdata )
> {
> if( p_cm_rep->rep_length > IB_REP_PDATA_SIZE
> ) @@ -663,6 +673,7 @@ al_cep_pre_rep(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.in.cm_rep.p_rep_pdata_padding = 1;
> cl_memcpy( ioctl.in.pdata, p_cm_rep->p_rep_pdata,
> p_cm_rep->rep_length );
> }
> @@ -823,7 +834,7 @@ al_cep_rtu(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_HANDLE;
> }
> - cl_memclr(&ioctl, sizeof(ioctl));
> +
> ioctl.cid = cid;
> /* Copy private data, if any. */
> if( p_pdata )
> @@ -874,7 +885,7 @@ al_cep_rej(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_HANDLE;
> }
> - cl_memclr(&ioctl, sizeof(ioctl));
> +
> ioctl.cid = cid;
> ioctl.rej_status = rej_status;
> if( p_ari )
> @@ -948,9 +959,10 @@ al_cep_mra(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_HANDLE;
> }
> - cl_memclr(&ioctl, sizeof (ioctl));
> +
> ioctl.cid = cid;
> ioctl.cm_mra = *p_cm_mra;
> + ioctl.cm_mra.p_mra_pdata_padding = 0;
> /* Copy private data, if any. */
> if( p_cm_mra->p_mra_pdata )
> {
> @@ -961,6 +973,7 @@ al_cep_mra(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.cm_mra.p_mra_pdata_padding = 1;
> cl_memcpy(
> ioctl.pdata, p_cm_mra->p_mra_pdata,
> p_cm_mra->mra_length );
> }
> @@ -1008,12 +1021,13 @@ al_cep_lap(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_HANDLE;
> }
> - cl_memclr(&ioctl,sizeof (ioctl));
> +
> ioctl.cid = cid;
> ioctl.cm_lap = *p_cm_lap;
> - ioctl.cm_lap.h_qp = (ib_qp_handle_t)
> HDL_TO_PTR(p_cm_lap->h_qp->obj.hdl);
> + ioctl.cm_lap.h_qp_padding = p_cm_lap->h_qp->obj.hdl;
> ioctl.alt_path = *(p_cm_lap->p_alt_path);
> /* Copy private data, if any. */
> + ioctl.cm_lap.p_lap_pdata_padding = 0;
> if( p_cm_lap->p_lap_pdata )
> {
> if( p_cm_lap->lap_length > IB_LAP_PDATA_SIZE
> ) @@ -1023,6 +1037,7 @@ al_cep_lap(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.cm_lap.p_lap_pdata_padding = 1;
> cl_memcpy(
> ioctl.pdata, p_cm_lap->p_lap_pdata,
> p_cm_lap->lap_length );
> }
> @@ -1064,10 +1079,11 @@ al_cep_pre_apr(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_PARAMETER;
> }
> - cl_memclr(&ioctl, sizeof (ioctl));
> +
> ioctl.in.cid = cid;
> ioctl.in.cm_apr = *p_cm_apr;
> - ioctl.in.cm_apr.h_qp =
> (ib_qp_handle_t)HDL_TO_PTR(p_cm_apr->h_qp->obj.hdl);
> + ioctl.in.cm_apr.h_qp_padding = p_cm_apr->h_qp->obj.hdl;
> + ioctl.in.cm_apr.p_info_padding = 0;
> if( p_cm_apr->p_info )
> {
> if( p_cm_apr->info_length > IB_APR_INFO_SIZE
> ) @@ -1077,19 +1093,22 @@ al_cep_pre_apr(
> return IB_INVALID_SETTING;
> }
>
> + ioctl.in.cm_apr.p_info_padding = 1;
> cl_memcpy(
> ioctl.in.apr_info, p_cm_apr->p_info,
> p_cm_apr->info_length );
> }
> /* Copy private data, if any. */
> + ioctl.in.cm_apr.p_apr_pdata_padding = 0;
> if( p_cm_apr->p_apr_pdata )
> {
> - if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE)
> //TODO ??????
> + if( p_cm_apr->apr_length > IB_APR_PDATA_SIZE )
> {
> AL_PRINT_EXIT(TRACE_LEVEL_ERROR ,AL_DBG_ERROR,
> ("private data larger than
> APR private data.\n") );
> return IB_INVALID_SETTING;
> }
>
> + ioctl.in.cm_apr.p_apr_pdata_padding = 1;
> cl_memcpy(
> ioctl.in.pdata,
> p_cm_apr->p_apr_pdata, p_cm_apr->apr_length );
> }
> @@ -1159,7 +1178,7 @@ al_cep_dreq(
> AL_EXIT( AL_DBG_CM );
> return IB_INVALID_HANDLE;
> }
> - cl_memclr(&ioctl, sizeof(ioctl));
> +
> ioctl.cid = cid;
> /* Copy private data, if any. */
> if( p_pdata )
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\core\al\user\ual_mr.c trunk\core\al\user\ual_mr.c
> --- old\core\al\user\ual_mr.c Tue Jul 01 10:36:06 2008
> +++ trunk\core\al\user\ual_mr.c Fri Jul 11 16:51:24 2008
> @@ -65,11 +65,9 @@ ual_reg_mem(
>
> AL_ENTER( AL_DBG_MR );
>
> - /* Clear the mr_ioctl */
> - cl_memclr( &mr_ioctl, sizeof(mr_ioctl) );
> -
> mr_ioctl.in.h_pd = h_pd->obj.hdl;
> mr_ioctl.in.mem_create = *p_mr_create;
> + mr_ioctl.in.mem_create.vaddr_padding =
> + (ULONG_PTR)p_mr_create->vaddr;
>
> cl_status = do_al_dev_ioctl( UAL_REG_MR,
> &mr_ioctl.in, sizeof(mr_ioctl.in),
> &mr_ioctl.out, sizeof(mr_ioctl.out), diff -up -r -X
> trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_mw.c
> trunk\core\al\user\ual_mw.c
> --- old\core\al\user\ual_mw.c Fri Jul 11 16:25:07 2008
> +++ trunk\core\al\user\ual_mw.c Fri Jul 11 16:51:24 2008
> @@ -280,7 +280,7 @@ ual_bind_mw(
> mw_ioctl.in.h_mw = h_mw->obj.hdl;
> mw_ioctl.in.h_qp = h_qp->obj.hdl;
> mw_ioctl.in.mw_bind = *p_mw_bind;
> - mw_ioctl.in.mw_bind.h_mr = (ib_mr_handle_t)
> HDL_TO_PTR(p_mw_bind->h_mr->obj.hdl);
> + mw_ioctl.in.mw_bind.h_mr_padding = p_mw_bind->h_mr->obj.hdl;
>
> cl_status = do_al_dev_ioctl( UAL_BIND_MW,
> &mw_ioctl.in, sizeof(mw_ioctl.in),
> &mw_ioctl.out, sizeof(mw_ioctl.out), diff -up -r -X
> trunk\docs\dontdiff.txt -I \$Id: old\core\al\user\ual_qp.c
> trunk\core\al\user\ual_qp.c
> --- old\core\al\user\ual_qp.c Fri Jul 11 16:25:08 2008
> +++ trunk\core\al\user\ual_qp.c Fri Jul 11 16:51:24 2008
> @@ -115,7 +115,14 @@ ual_post_send(
> num_wr = 0;
> for( p_wr = p_send_wr; p_wr; p_wr = p_wr->p_next )
> {
> - p_qp_ioctl->in.send_wr[num_wr++] = *p_wr;
> + /* pNext and pDs pointer is set by the kernel
> proxy. */
> + p_qp_ioctl->in.send_wr[num_wr] = *p_wr;
> + if( h_qp->type == IB_QPT_UNRELIABLE_DGRM )
> + {
> +
> p_qp_ioctl->in.send_wr[num_wr].dgrm.ud.h_av_padding =
> + p_wr->dgrm.ud.h_av->obj.hdl;
> + }
> + num_wr++;
> cl_memcpy(
> p_ds, p_wr->ds_array,
> sizeof(ib_local_ds_t) * p_wr->num_ds );
> p_ds += p_wr->num_ds;
> @@ -222,6 +229,7 @@ ual_post_recv(
> num_wr = 0;
> for( p_wr = p_recv_wr; p_wr; p_wr = p_wr->p_next )
> {
> + /* pNext and pDs pointer is set by the kernel
> proxy. */
> p_qp_ioctl->in.recv_wr[num_wr++] = *p_wr;
> cl_memcpy(
> p_ds, p_wr->ds_array,
> sizeof(ib_local_ds_t) * p_wr->num_ds ); @@ -313,13 +321,12 @@
> ual_create_qp(
> */
> qp_ioctl.in.h_pd = h_pd->obj.hdl;
> qp_ioctl.in.qp_create = *p_qp_create;
> - qp_ioctl.in.qp_create.h_rq_cq =
> -
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_rq_cq->obj.hdl);
> - qp_ioctl.in.qp_create.h_sq_cq =
> -
> (ib_cq_handle_t)HDL_TO_PTR(p_qp_create->h_sq_cq->obj.hdl);
> + qp_ioctl.in.qp_create.h_rq_cq_padding =
> p_qp_create->h_rq_cq->obj.hdl;
> + qp_ioctl.in.qp_create.h_sq_cq_padding =
> + p_qp_create->h_sq_cq->obj.hdl;
> if (p_qp_create->h_srq)
> - qp_ioctl.in.qp_create.h_srq =
> -
> (ib_srq_handle_t)HDL_TO_PTR(p_qp_create->h_srq->obj.hdl);
> + {
> + qp_ioctl.in.qp_create.h_srq_padding =
> p_qp_create->h_srq->obj.hdl;
> + }
> qp_ioctl.in.context = (ULONG_PTR)h_qp;
> qp_ioctl.in.ev_notify = (h_qp->pfn_event_cb != NULL)
> ? TRUE : FALSE;
>
> diff -up -r -X trunk\docs\dontdiff.txt -I \$Id:
> old\inc\iba\ib_types.h trunk\inc\iba\ib_types.h
> --- old\inc\iba\ib_types.h Fri Jul 11 16:25:07 2008
> +++ trunk\inc\iba\ib_types.h Fri Jul 11 16:51:24 2008
> @@ -40,7 +40,6 @@
> #include <complib/cl_types.h>
> #include <complib/cl_byteswap.h>
>
> -#define HDL_TO_PTR(hdl) Handle64ToHandle( (void * __ptr64) (hdl))
>
> #pragma warning( disable : 4201) //nameless union/structure
>
>
More information about the ofw
mailing list