[openib-general] Re: calling to ibv_create_qp with big number in qp_init_attr.cap.max_inline_data never return

Michael S. Tsirkin mst at mellanox.co.il
Mon Jul 18 05:36:10 PDT 2005


Hi, Roland!
Quoting r. Roland Dreier <rolandd at cisco.com>:
> Subject: Re: calling to ibv_create_qp with big number in qp_init_attr.cap.max_inline_data never return
> 
>     Dotan> the create_qp function never ends.
> 
> Where does it hang?  Can you do strace on the process?  If it's stuck
> sleeping, what does /proc/<pid>/wchan say?

Here:

        size = sizeof (struct mthca_next_seg) +
                qp->sq.max_gs * sizeof (struct mthca_data_seg);
        switch (qp->qpt) {
        case IBV_QPT_UD:
                if (mthca_is_memfree(pd->context))
                        size += sizeof (struct mthca_arbel_ud_seg);
                else
                        size += sizeof (struct mthca_tavor_ud_seg);
                break;
        default:
                /* bind seg is as big as atomic + raddr segs */
                size += sizeof (struct mthca_bind_seg);
        }

---->

        for (qp->sq.wqe_shift = 6; 1 << qp->sq.wqe_shift < size;
             qp->sq.wqe_shift++)
                ; /* nothing */


The problem here is that size is bigger than 0x40000000.
As a result 1 << qp->sq.wqe_shift gets to 0x80000000, which is negative,
so it's less than size, and everything starts all over again.

Looking at the code, passing insanely huge values in qp params
will get all kinds of overflows (e.g. size could get negative).

I think the best way is to check qp parameters for sanity in
mthca_create_qp.

-- 
MST
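The shift overflow MST describes, worked through as an added example in C. This is not code from the thread, from libmthca or from the kernel mthca driver: the segment sizes, the MAX_WQE_SHIFT bound and the function names (original_loop_result, sq_wqe_size, wqe_shift_checked, checked_shift_for) are assumptions chosen for illustration, and the way max_gs is derived from max_send_sge and max_inline_data is a model of what mthca_create_qp does, not a copy of it. The first function reproduces the quoted loop's outcome without actually spinning, so the hang (and the "size goes negative" case) can be checked; the rest is the kind of parameter sanity check MST suggests, placed where the size is computed rather than in the loop.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not libmthca or kernel mthca code.  The segment
 * sizes are assumptions standing in for sizeof(struct mthca_*_seg);
 * only the arithmetic built on them matters here. */
#define NEXT_SEG_SZ    16u
#define DATA_SEG_SZ    16u
#define INLINE_SEG_SZ   4u
#define UD_SEG_SZ      32u
#define BIND_SEG_SZ    32u

/* Hypothetical limit a sanity check would enforce: the WQE must fit in
 * a power of two that "1 << shift" can still hold as a positive int. */
#define MAX_WQE_SHIFT  30

enum qpt { QPT_UD, QPT_OTHER };

/* Model of the loop quoted above.  Returns the shift it settles on, or
 * -1 when it can never settle: once shift reaches 31, 1 << 31 is
 * negative as an int and therefore "less than" any positive size, so
 * the loop keeps going (and the shift count wraps).  A negative size is
 * the other failure mode: the loop exits at once with a 64-byte WQE. */
int original_loop_result(int size)
{
    int shift;

    for (shift = 6; shift <= MAX_WQE_SHIFT; shift++)
        if ((1 << shift) >= size)
            return shift;
    return -1;
}

/* Sizing as done in mthca_create_qp (modelled, see lead-in): max_gs is
 * the larger of max_send_sge and the number of data segments needed to
 * hold max_inline_data plus its inline header.  64-bit arithmetic keeps
 * the intermediate values honest, and the result is rejected before it
 * can wrap or go negative. */
int sq_wqe_size(uint32_t max_sge, uint32_t max_inline, enum qpt qpt,
                uint32_t *size_out)
{
    uint64_t inline_segs =
        ((uint64_t)max_inline + INLINE_SEG_SZ + DATA_SEG_SZ - 1) / DATA_SEG_SZ;
    uint64_t max_gs = max_sge > inline_segs ? max_sge : inline_segs;
    uint64_t size = NEXT_SEG_SZ + max_gs * DATA_SEG_SZ;

    size += (qpt == QPT_UD) ? UD_SEG_SZ : BIND_SEG_SZ;
    if (size > (1u << MAX_WQE_SHIFT))
        return -EINVAL;   /* caps too large: refuse instead of looping */
    *size_out = (uint32_t)size;
    return 0;
}

/* Bounded replacement for the loop: the shift can never exceed
 * MAX_WQE_SHIFT, so the comparison never sees a negative value. */
int wqe_shift_checked(uint32_t size, int *shift_out)
{
    int shift;

    if (size > (1u << MAX_WQE_SHIFT))
        return -EINVAL;
    for (shift = 6; (1u << shift) < size; shift++)
        ;
    *shift_out = shift;
    return 0;
}

/* End to end: derive the WQE shift from the caps, or a negative errno. */
int checked_shift_for(uint32_t max_sge, uint32_t max_inline, enum qpt qpt)
{
    uint32_t size;
    int shift, err;

    err = sq_wqe_size(max_sge, max_inline, qpt, &size);
    if (err)
        return err;
    err = wqe_shift_checked(size, &shift);
    return err ? err : shift;
}

int main(void)
{
    /* Constructed caps: a sane QP and an oversized inline request. */
    printf("sane caps:   shift %d\n", checked_shift_for(4, 0, QPT_OTHER));
    printf("huge inline: %d (i.e. -EINVAL)\n",
           checked_shift_for(4, 0x50000000u, QPT_OTHER));
    printf("quoted loop on size 0x50000040: %d (-1 = never returns)\n",
           original_loop_result(0x50000040));
    return 0;
}
```

With max_inline_data of 0x50000000 the modelled size comes out at 0x50000040, above 0x40000000, which is exactly the region where the quoted loop never terminates; the checked path reports -EINVAL from create_qp instead. Checking the caps up front also covers the negative-size case, since the 64-bit computation is compared against the bound before it is ever narrowed to an int.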


