[ofw] [PATCH 13/?] Don't corrupt the stack

Fab Tillier ftillier at microsoft.com
Mon Jun 18 20:08:14 PDT 2012


This patch fixes a bug in PD creation where the user-mode data for kernel callers is discarded, so it references a dummy variable on the stack. Unfortunately, the dummy variable referenced goes out of scope before it is written. Oops.

Signed-off-by: Fab Tillier <ftillier at microsoft.com>

Index: hw/mlx4/kernel/hca/pd.c
===================================================================
--- hw/mlx4/kernel/hca/pd.c	(revision 3414)
+++ hw/mlx4/kernel/hca/pd.c	(working copy)
@@ -78,9 +78,8 @@
 				0, sizeof(p_resp->pdn));
 		}
 		else {
-			u32 pdn;
-			INIT_UDATA(&udata, NULL, &pdn, 
-				0, sizeof(pdn));
+            // Discard PDN output, so use status as temp storage.
+            INIT_UDATA(&udata, NULL, &status, 0, sizeof(status));
 		}
 	}
 	else {
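Review bot: Reusing status as the output buffer in the added INIT_UDATA(&udata, NULL, &status, 0, sizeof(status)) line fixes the lifetime problem but overloads a variable that callers will later read as a result code. The hunk does not show the type of status or where it is next assigned, so please confirm that sizeof(status) is at least as large as the PDN the provider writes (the removed code used a u32, and the other branch uses sizeof(p_resp->pdn)), and that status is unconditionally overwritten with the real return value before anything tests it. A dedicated u32 pdn declared at function scope, so that it outlives udata, would avoid both questions and keep the intent obvious. The two added lines are also indented with spaces while the surrounding context uses tabs.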
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 13.stack_corrupt.patch
Type: application/octet-stream
Size: 488 bytes
Desc: 13.stack_corrupt.patch
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20120619/df304803/attachment.obj>

