nvme/rdma: fix a stack-buffer-overflow error

spdk_mem_map_translate() dereferences a uint64_t * to get an
8-byte integer, but nvme_rdma_build_sgl_request() just passes
a 4-byte integer as the last parameter; this causes a
stack-buffer-overflow error.

Reported in 3ba5ea9087.1539172863/fedora-05/build.log

Change-Id: Id1cda22114fef466dbb930b502e3a68310331f0e
Signed-off-by: wuzhouhui <wuzhouhui@kingsoft.com>
Reviewed-on: https://review.gerrithub.io/428693
Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
wuzhouhui 2018-10-10 23:09:26 +08:00 committed by Changpeng Liu
parent 5616c1ed9c
commit 5d5181db70

@ -929,8 +929,8 @@ nvme_rdma_build_sgl_request(struct nvme_rdma_qpair *rqpair,
struct spdk_nvmf_cmd *cmd = &rqpair->cmds[rdma_req->id];
struct ibv_mr *mr = NULL;
void *virt_addr;
uint64_t remaining_size;
uint32_t sge_length, mr_length;
uint64_t remaining_size, mr_length;
uint32_t sge_length;
int rc, max_num_sgl, num_sgl_desc;
assert(req->payload_size != 0);
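Review bot: The widened declaration `uint64_t remaining_size, mr_length;` gives no hint why mr_length differs in width from sge_length, which stays uint32_t on the next line. Please add a one-line comment saying that mr_length is passed by address to spdk_mem_map_translate(), which dereferences it as a uint64_t, so a later cleanup does not narrow it back to match sge_length. Declaring it on its own line would also keep that comment next to the variable it describes.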
@ -953,7 +953,7 @@ nvme_rdma_build_sgl_request(struct nvme_rdma_qpair *rqpair,
mr_length = sge_length;
mr = (struct ibv_mr *)spdk_mem_map_translate(rqpair->mr_map->map, (uint64_t)virt_addr,
(uint64_t *)&mr_length);
&mr_length);
if (mr == NULL || mr_length < sge_length) {
return -1;
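Review bot: Passing `&mr_length` without the `(uint64_t *)` cast is the right form, because the cast is what let a uint32_t stack variable reach an 8-byte dereference without a compiler diagnostic. It is worth checking the other callers of spdk_mem_map_translate() for the same cast on the size argument. The check `mr_length < sge_length` now compares a uint64_t with a uint32_t; that is safe through integer promotion, but nothing in this hunk needs the 64-bit value afterwards, so confirm mr_length is not later stored into a 32-bit field without a bound check.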