ib_srpt: Fix an out-of-bounds read that is triggered on kernel v4.4 and later

git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@7847 d57e44dd-8a1f-0410-8b47-8ef2f437770f
2026-05-21 20:51:27 +00:00 · 2018-12-31 18:54:34 +00:00
parent abeb5810e4
commit 20a98b73ad
1 changed files with 11 additions and 0 deletions
--- a/srpt/src/ib_srpt.c
+++ b/srpt/src/ib_srpt.c
@@ -1074,14 +1074,25 @@ out:
 */
 static int srpt_zerolength_write(struct srpt_rdma_ch *ch)
 {
+#ifdef USE_PRE_440_WR_STRUCTURE
 	struct ib_send_wr wr;
+#else
+	struct ib_rdma_wr wr;
+#endif
 	BAD_WR_MODIFIER struct ib_send_wr *bad_wr;

 	memset(&wr, 0, sizeof(wr));
+#ifdef USE_PRE_440_WR_STRUCTURE
 	wr.opcode = IB_WR_RDMA_WRITE;
 	wr.wr_id = encode_wr_id(SRPT_RDMA_ZEROLENGTH_WRITE, 0xffffffffUL);
 	wr.send_flags = IB_SEND_SIGNALED;
 	return ib_post_send(ch->qp, &wr, &bad_wr);
+#else
+	wr.wr.opcode = IB_WR_RDMA_WRITE;
+	wr.wr.wr_id = encode_wr_id(SRPT_RDMA_ZEROLENGTH_WRITE, 0xffffffffUL);
+	wr.wr.send_flags = IB_SEND_SIGNALED;
+	return ib_post_send(ch->qp, &wr.wr, &bad_wr);
+#endif
 }

 /**