From: Leon Romanovsky <leonro@mellanox.com>
Date: Sun, 1 Jul 2018 15:31:54 +0300
Subject: RDMA/uverbs: Don't fail in creation of multiple flows
Patch-mainline: v4.18-rc5
Git-commit: fe48aecb4df837540f13b5216f27ddb306aaf4b9
References: bsc#1103992 FATE#326009

The conversion from offsetof() calculations to sizeof()
wrongly behaved for missed exact size and in scenario with
more than one flow.

In such scenario we got "create flow failed, flow 10: 8 bytes
left from uverb cmd" error, which is wrong because the size of
kern_spec is exactly 8 bytes, and we were not supposed to fail.

Cc: <stable@vger.kernel.org> # 3.12
Fixes: 4fae7f170416 ("RDMA/uverbs: Fix slab-out-of-bounds in ib_uverbs_ex_create_flow")
Reported-by: Ran Rozenstein <ranro@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 drivers/infiniband/core/uverbs_cmd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -3586,7 +3586,7 @@ int ib_uverbs_ex_create_flow(struct ib_u
 	kern_spec = kern_flow_attr->flow_specs;
 	ib_spec = flow_attr + 1;
 	for (i = 0; i < flow_attr->num_of_specs &&
-			cmd.flow_attr.size > sizeof(*kern_spec) &&
+			cmd.flow_attr.size >= sizeof(*kern_spec) &&
 			cmd.flow_attr.size >= kern_spec->size;
 	     i++) {
 		err = kern_spec_to_ib_spec(