[ofw] [PATCH 2/7] mthca/mlx: add check to validate output data size

Sean Hefty sean.hefty at intel.com
Fri Jan 16 13:30:00 PST 2009


Only the hardware drivers know what size the output data buffer must be for
ndi_modify_qp.  Have the drivers verify that the provided data buffer is
large enough.

This fixes a crash when userspace (say, a buggy library under development) does
not provide a response buffer.

Signed-off-by: Sean Hefty <sean.hefty at intel.com>
---
To make things easier, I can commit this if approved.

\winverbs/hw/mthca/kernel/hca_verbs.c
--- trunk/hw/mthca/kernel/hca_verbs.c	2008-10-29 11:24:08.234375000 -0700
+++ branches\winverbs/hw/mthca/kernel/hca_verbs.c	2009-01-13 23:13:27.468750000 -0800
@@ -1266,6 +1266,11 @@ mlnx_ndi_modify_qp (
 
 	HCA_ENTER(HCA_DBG_QP);
 
+	if (buf_size < sizeof(resp.qp_state)) {
+		status = IB_INVALID_PARAMETER;
+		goto out;
+	}
+
 	/* imitate umv_buf */
 	umv_buf.command = TRUE;	/* special case for NDI. Usually it's TRUE */
 	umv_buf.input_size = 0;
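Review bot: The new guard bounds `buf_size` against `sizeof(resp.qp_state)`, but the store it protects, `*p_outbuf = resp.qp_state;` in the next hunk, writes `sizeof(*p_outbuf)` bytes and dereferences `p_outbuf` without a NULL test. The declaration of `p_outbuf` is outside the hunk, so this is inferred: if its pointee type is wider than `resp.qp_state`, or a caller passes a non-zero `buf_size` with a NULL pointer, the crash described in the commit message is still reachable. Consider `if (p_outbuf == NULL || buf_size < sizeof(*p_outbuf)) {` so the check is tied to the object actually written. The same guard is added to mlx4's `mlnx_ndi_modify_qp` in hw/mlx4/kernel/hca/qp.c and would need the same change; the function body starts and ends outside this hunk.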
@@ -1279,6 +1284,7 @@ mlnx_ndi_modify_qp (
 		*p_outbuf = resp.qp_state;
 	}
 
+out:
 	HCA_EXIT(HCA_DBG_QP);
 	return status;
 }
diff -up -r -X trunk\docs\dontdiff.txt -I '\$Id:' trunk/hw/mlx4/kernel/hca/qp.c branches\winverbs/hw/mlx4/kernel/hca/qp.c
--- trunk/hw/mlx4/kernel/hca/qp.c	2008-08-26 13:56:37.762625000 -0700
+++ branches\winverbs/hw/mlx4/kernel/hca/qp.c	2009-01-07 14:21:38.945465400 -0800
@@ -326,6 +326,11 @@ mlnx_ndi_modify_qp (
 
 	HCA_ENTER(HCA_DBG_QP);
 
+	if (buf_size < sizeof(resp.qp_state)) {
+		status = IB_INVALID_PARAMETER;
+		goto out;
+	}
+
 	/* imitate umv_buf */
 	umv_buf.command = TRUE;	/* special case for NDI. Usually it's TRUE */
 	umv_buf.input_size = 0;
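Review bot: The added `if (buf_size < sizeof(resp.qp_state))` block has no comment recording why that size is the minimum or that the length is supplied by the caller, and the identical block now exists in two drivers where it can drift apart. A one-line comment above the `if`, such as `/* caller-supplied output buffer must hold at least resp.qp_state */`, would keep the contract from the commit message next to the code. The function body starts and ends outside this hunk.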
@@ -339,6 +344,7 @@ mlnx_ndi_modify_qp (
 		*p_outbuf = resp.qp_state;
 	}
 
+out:
 	HCA_EXIT(HCA_DBG_QP);
 	return status;
 }




