RDMA/hns: Fix wrong judgments of udata->outlen

These judgments were used to keep the compatibility with older versions of
userspace that don't have the field named "cap_flags" in structure
hns_roce_ib_create_cq_resp. But it will be wrong to compare outlen with
the size of resp if another new field were added in resp. oulen should be
compared with the end offset of cap_flags in resp.

Fixes: 4f8f0d5e33dd ("RDMA/hns: Package the flow of creating cq")
Link: https://lore.kernel.org/r/1583845569-47257-1-git-send-email-liweihang@huawei.com
Signed-off-by: Weihang Li <liweihang@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

diff --git a/drivers/infiniband/hw/hns/hns_roce_cq.c b/drivers/infiniband/hw/hns/hns_roce_cq.c
index 5ffe4c996ed3dca59c63384c05e5eab695b9e567..5bfb52ffd5908712154803e956b040c73fe78b81 100644 (file)
--- a/drivers/infiniband/hw/hns/hns_roce_cq.c
+++ b/drivers/infiniband/hw/hns/hns_roce_cq.c
@@ -257,8 +257,8 @@ static int create_user_cq(struct hns_roce_dev *hr_dev,
                return ret;
        }
 
-       if ((hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RECORD_DB) &&
-           (udata->outlen >= sizeof(*resp))) {
+       if (hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RECORD_DB &&
+           udata->outlen >= offsetofend(typeof(*resp), cap_flags)) {
                ret = hns_roce_db_map_user(context, udata, ucmd.db_addr,
                                           &hr_cq->db);
                if (ret) {
@@ -321,8 +321,8 @@ static void destroy_user_cq(struct hns_roce_dev *hr_dev,
        struct hns_roce_ucontext *context = rdma_udata_to_drv_context(
                                   udata, struct hns_roce_ucontext, ibucontext);
 
-       if ((hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RECORD_DB) &&
-           (udata->outlen >= sizeof(*resp)))
+       if (hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RECORD_DB &&
+           udata->outlen >= offsetofend(typeof(*resp), cap_flags))
                hns_roce_db_unmap_user(context, &hr_cq->db);
 
        hns_roce_mtt_cleanup(hr_dev, &hr_cq->mtt);