[PATCH for-next v2 1/3] RDMA/rxe: Fix bug in get_srq_wqe() in rxe_resp.c
From: Bob Pearson <hidden>
Date: 2021-07-29 22:01:20
Subsystem:
infiniband subsystem, soft-roce driver (rxe), the rest · Maintainers:
Jason Gunthorpe, Leon Romanovsky, Zhu Yanjun, Linus Torvalds
The memcpy() that copies a WQE from a SRQ the QP uses an incorrect size.
The size should have been the size of the rxe_send_wqe struct not the
size of a pointer to it. The result is that IO operations using a SRQ
on the responder side will fail.
Fixes: ec0fa2445c18 ("Fix over copying in get_srq_wqe")
Signed-off-by: Bob Pearson <redacted>
---
drivers/infiniband/sw/rxe/rxe_resp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
index 685b8aebd627..5501227ddc65 100644
--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c@@ -318,7 +318,7 @@ static enum resp_states get_srq_wqe(struct rxe_qp *qp) pr_warn("%s: invalid num_sge in SRQ entry\n", __func__); return RESPST_ERR_MALFORMED_WQE; } - size = sizeof(wqe) + wqe->dma.num_sge*sizeof(struct rxe_sge); + size = sizeof(*wqe) + wqe->dma.num_sge*sizeof(struct rxe_sge); memcpy(&qp->resp.srq_wqe, wqe, size); qp->resp.wqe = &qp->resp.srq_wqe.wqe;
--
2.30.2