[openib-general] [libmthca] patch to check the value of cqe in create_cq/modify_cq
Dotan Barak
dotanb at mellanox.co.il
Tue Jul 4 05:36:48 PDT 2006
Passing huge size values to create_cq/resize_cq causes hang in align_cq_size.
Fix this by validating input, similiar to what we do for create_qp.
Signed-off-by: Dotan Barak <dotanb at mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst at mellanox.co.il>
Index: last_stable/src/userspace/libmthca/src/verbs.c
===================================================================
--- last_stable.orig/src/userspace/libmthca/src/verbs.c 2006-07-04 15:22:20.000000000 +0300
+++ last_stable/src/userspace/libmthca/src/verbs.c 2006-07-04 15:23:49.000000000 +0300
@@ -174,6 +174,10 @@ struct ibv_cq *mthca_create_cq(struct ib
struct mthca_cq *cq;
int ret;
+ /* Sanity check CQ size before proceeding */
+ if (cqe > 131072)
+ return NULL;
+
cq = malloc(sizeof *cq);
if (!cq)
return NULL;
@@ -264,6 +268,10 @@ int mthca_resize_cq(struct ibv_cq *ibcq,
int old_cqe;
int ret;
+ /* Sanity check CQ size before proceeding */
+ if (cqe > 131072)
+ return EINVAL;
+
pthread_spin_lock(&cq->lock);
cqe = align_cq_size(cqe);
More information about the general
mailing list