[ofw] [PATCH] UAL: Fix NULL dereference when polling a CEP
Fab Tillier
ftillier at windows.microsoft.com
Thu Apr 9 11:02:34 PDT 2009
Hi Stan,
I forgot on file in my patch file - too eager to prune out unrelated files.
I changed the name of the 'context' field in the IOCTL to catch all references to it at compile time.
-Fab
Signed-off-by: Fab Tillier <ftillier at microsoft.com>
Index: core/al/kernel/al_proxy_cep.c
===================================================================
--- core/al/kernel/al_proxy_cep.c (revision 2088)
+++ core/al/kernel/al_proxy_cep.c (working copy)
@@ -781,7 +781,7 @@
p_ioctl->status = al_cep_poll( p_context->h_al,
*(net32_t*)cl_ioctl_in_buf( h_ioctl ),
- &(void*)(ULONG_PTR)p_ioctl->context,
+ &(void*)(ULONG_PTR)p_ioctl->reserved,
&p_ioctl->new_cid, &p_mad );
if( p_ioctl->status == IB_SUCCESS )
Index: core/al/user/ual_cm_cep.c
===================================================================
--- core/al/user/ual_cm_cep.c (revision 2088)
+++ core/al/user/ual_cm_cep.c (working copy)
@@ -1403,7 +1403,7 @@
cl_memcpy( p_mad->p_mad_buf, ioctl.mad_buf, MAD_BLOCK_SIZE );
- *p_context = (void*)(ULONG_PTR)ioctl.context;
+ *p_context = p_cep->destroy_context;
*p_new_cid = ioctl.new_cid;
*pp_mad = p_mad;
}
Index: inc/iba/ib_al_ioctl.h
===================================================================
--- inc/iba/ib_al_ioctl.h (revision 2088)
+++ inc/iba/ib_al_ioctl.h (working copy)
@@ -3053,7 +3053,7 @@
typedef struct _ual_cep_poll_ioctl
{
ib_api_status_t status;
- uint64_t context;
+ uint64_t reserved;
net32_t new_cid;
ib_mad_element_t element;
ib_grh_t grh;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ucep_poll2.patch
Type: application/octet-stream
Size: 1332 bytes
Desc: ucep_poll2.patch
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20090409/fe7a98c3/attachment.obj>
More information about the ofw
mailing list