[ofw][PATCH] [IBBUS][WinVerbs][SDP] Validation of non-zero size when calling to ExAllocatePoolWithTag

Sean Hefty sean.hefty at intel.com
Tue Oct 27 09:51:49 PDT 2009


>static ib_ca_attr_t *WmQueryCaAttributes(WM_IB_DEVICE *pDevice)
>{
>	ib_ca_attr_t	*attr;
>	UINT32			size;
>	ib_api_status_t	ib_status;
>
>	size = 0;
>	ib_status = pDevice->VerbsInterface.Verbs.
>		query_ca(pDevice->VerbsInterface.Verbs.p_hca_obj, NULL, &size, NULL);
>	if (ib_status != IB_INSUFFICIENT_MEMORY) {
>		attr = NULL;
>		goto out;
>	}
>
>	attr = ExAllocatePoolWithTag(PagedPool, size, 'acmw');
>	if (attr == NULL) {
>		goto out;
>	}
>
>The function query_ca is being called with a NULL pointer and size =0 in
>order to receive the correct amount of memory.
>Next we check what happens if (ib_status == IB_INSUFFICIENT_MEMORY). We
>treat this as a legal return value.
>But please note that this value can mean two things:
>	1) The function has returned as expected and all is well. Since
>the out value was NULL it didn't write the result but size points to the
>amount of memory that should be allocated.
>	2) (this is the case that the verifier has caught) The function
>was running. When it needed to allocate memory it failed. It now returns
>with status == IB_INSUFFICIENT_MEMORY and size ==0. This is a legal
>value for the query_ca() function.

I believe that the calling code is correct according to the API.  According to
the documentation for the call:

*	p_size
...
*		On output, the number of bytes used or needed to copy all CA
*		attribute information.
...
* NOTES
*	Users may obtain the size of the data buffer required to obtain the
*	CA attributes by calling this function with p_ca_attr set to NULL.
*	The channel interface will then return the necessary size in the
*	variable referenced by the p_size parameter.  The caller can then allocate

p_ca_attr is set to NULL, but the required size is not set correctly.  If the
underlying implementation cannot determine what the correct value for p_size
should be, then I think the best solution is to return some other error value.

- Sean
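
The ambiguity discussed in this thread, as an added example that is not part of the original messages or the ofw code: a user-mode sketch of the two-call size query with the non-zero size check named in the subject line. The status codes, `mock_query_ca`, `query_attributes` and `MOCK_ATTR_SIZE` are hypothetical stand-ins, and `malloc` stands in for `ExAllocatePoolWithTag`.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins (assumptions): not the ofw status codes or verbs interface. */
typedef enum { ST_SUCCESS, ST_INSUFFICIENT_MEMORY } status_t;
typedef enum { PROVIDER_OK, PROVIDER_ALLOC_FAILS } provider_mode_t;
#define MOCK_ATTR_SIZE 256u

/* Mock of a query_ca-style call: with buf == NULL it reports the needed size. */
static status_t mock_query_ca(provider_mode_t mode, void *buf, uint32_t *p_size)
{
	if (mode == PROVIDER_ALLOC_FAILS)
		return ST_INSUFFICIENT_MEMORY;	/* case 2: internal failure, *p_size untouched */
	uint32_t have = (buf != NULL) ? *p_size : 0;
	*p_size = MOCK_ATTR_SIZE;		/* case 1: bytes used or needed */
	return have >= MOCK_ATTR_SIZE ? ST_SUCCESS : ST_INSUFFICIENT_MEMORY;
}

/* Two-call query that refuses to allocate when the probe reported no size. */
static void *query_attributes(provider_mode_t mode, uint32_t *out_size)
{
	uint32_t size = 0;
	void *attr;
	*out_size = 0;
	if (mock_query_ca(mode, NULL, &size) != ST_INSUFFICIENT_MEMORY)
		return NULL;
	if (size == 0)		/* same status, no size: fail instead of a zero-byte allocation */
		return NULL;
	attr = malloc(size);	/* stands in for ExAllocatePoolWithTag(PagedPool, size, tag) */
	if (attr == NULL)
		return NULL;
	if (mock_query_ca(mode, attr, &size) != ST_SUCCESS) {
		free(attr);
		return NULL;
	}
	*out_size = size;
	return attr;
}

int main(void)
{
	uint32_t n;
	void *a = query_attributes(PROVIDER_OK, &n);
	int ok = (a != NULL && n == MOCK_ATTR_SIZE);
	free(a);
	return (ok && query_attributes(PROVIDER_ALLOC_FAILS, &n) == NULL) ? 0 : 1;
}
```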



