[ofw] [PATCH] UAL: Fix NULL dereference when polling a CEP (v2)
Fab Tillier
ftillier at windows.microsoft.com
Thu Apr 9 11:51:09 PDT 2009
This is an updated patch based on feedback from Sean. It removes the 'context' field of the ual_cep_poll_ioctl_t structure.
Signed-off-by: Fab Tillier <ftillier at microsoft.com>
Index: core/al/kernel/al_proxy_cep.c
===================================================================
--- core/al/kernel/al_proxy_cep.c (revision 2088)
+++ core/al/kernel/al_proxy_cep.c (working copy)
@@ -763,6 +763,7 @@
al_dev_open_context_t *p_context;
ual_cep_poll_ioctl_t *p_ioctl;
ib_mad_element_t *p_mad = NULL;
+ void* dummy;
AL_ENTER( AL_DBG_CM );
@@ -781,7 +782,7 @@
p_ioctl->status = al_cep_poll( p_context->h_al,
*(net32_t*)cl_ioctl_in_buf( h_ioctl ),
- &(void*)(ULONG_PTR)p_ioctl->context,
+ &dummy,
&p_ioctl->new_cid, &p_mad );
if( p_ioctl->status == IB_SUCCESS )
Index: core/al/user/ual_cm_cep.c
===================================================================
--- core/al/user/ual_cm_cep.c (revision 2088)
+++ core/al/user/ual_cm_cep.c (working copy)
@@ -1403,7 +1403,7 @@
cl_memcpy( p_mad->p_mad_buf, ioctl.mad_buf, MAD_BLOCK_SIZE );
- *p_context = (void*)(ULONG_PTR)ioctl.context;
+ *p_context = p_cep->destroy_context;
*p_new_cid = ioctl.new_cid;
*pp_mad = p_mad;
}
Index: inc/iba/ib_al_ioctl.h
===================================================================
--- inc/iba/ib_al_ioctl.h (revision 2088)
+++ inc/iba/ib_al_ioctl.h (working copy)
@@ -3053,7 +3053,6 @@
typedef struct _ual_cep_poll_ioctl
{
ib_api_status_t status;
- uint64_t context;
net32_t new_cid;
ib_mad_element_t element;
ib_grh_t grh;
More information about the ofw
mailing list