RDMa/uverbs: Copy ex_hdr outside of SRCU read lock

The SRCU read lock protects the IB device pointer
and doesn't need to be called before copying user
provided header.

Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>

diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index ff70e1ead1badd9d159305bd164a4e78d70bb6bd..a23cf9e33b9829ac26cc0afaaa0251ae1d09e4e8 100644 (file)
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -709,8 +709,12 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
            (command != IB_USER_VERBS_CMD_GET_CONTEXT || extended))
                return -EINVAL;
 
-       if (extended && count < (sizeof(hdr) + sizeof(ex_hdr)))
-               return -EINVAL;
+       if (extended) {
+               if (count < (sizeof(hdr) + sizeof(ex_hdr)))
+                       return -EINVAL;
+               if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr)))
+                       return -EFAULT;
+       }
 
        srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
        ib_dev = srcu_dereference(file->device->ib_dev,
@@ -740,11 +744,6 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
                struct ib_udata uhw;
                size_t written_count = count;
 
-               if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) {
-                       ret = -EFAULT;
-                       goto out;
-               }
-
                count -= sizeof(hdr) + sizeof(ex_hdr);
                buf += sizeof(hdr) + sizeof(ex_hdr);