Quoting r. Hal Rosenstock <[EMAIL PROTECTED]>: > Subject: user_mad::ib_umad_read question > > Hi, > > In ib_umad_read, there is currently (or soon to be something like) the > following: > ... > packet = list_entry(file->recv_list.next, struct ib_umad_packet, > list); > list_del(&packet->list); > > spin_unlock_irq(&file->recv_lock); > > if (copy_to_user(buf, &packet->mad, > min(count, packet->length + > sizeof (struct ib_user_mad)))) > ret = -EFAULT; > else > ret = count; > > kfree(packet); > return ret; > > Should the packet be thrown away because copy_to_user() fails ? > Shouldn't it be placed back at the head of the list ? Unfortunately, > that would mean holding the recv lock longer (through the duration of > copy_to_user). > > -- Hal
copy_to_user might sleep so you cant call it under a spinlock. Since the user is only hurting himself by passing an illegal address, I'd think it doesnt hurt to drop the mad. -- MST - Michael S. Tsirkin _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general