[openib-general] [PATCH] libmthca: fix range checking for mthca_create_srq
Michael S. Tsirkin
mst at mellanox.co.il
Tue Jul 11 03:59:30 PDT 2006
If SRQ max_wr is too high, srq buf size calculation
srq->buf_size = srq->max << srq->wqe_shift
overflows, resulting in crash on buffer access.
The simplest solution is to limit max_wr since practically hardware
limits us to less than 1 << 16 WRs.
Signed-off-by: Michael S. Tsirkin <mst at mellanox.co.il>
Index: openib/src/userspace/libmthca/src/verbs.c
===================================================================
--- openib/src/userspace/libmthca/src/verbs.c (revision 8484)
+++ openib/src/userspace/libmthca/src/verbs.c (working copy)
@@ -372,7 +372,7 @@ struct ibv_srq *mthca_create_srq(struct
int ret;
/* Sanity check SRQ size before proceeding */
- if (attr->attr.max_wr > 16 << 20 || attr->attr.max_sge > 64)
+ if (attr->attr.max_wr >= 1 << 16 || attr->attr.max_sge > 64)
return NULL;
srq = malloc(sizeof *srq);
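Review bot: the new bound `1 << 16` on max_wr is a bare constant, and the comment above the check still only says "Sanity check SRQ size before proceeding". Nothing in the code ties the number to the `srq->max << srq->wqe_shift` overflow or to the hardware limit that the commit message gives as the reason. Consider a named constant, or extend the comment to say the limit keeps the buffer size calculation from overflowing, so the check is not loosened again later. The max_sge half of the condition is unchanged; since max_sge presumably feeds wqe_shift, it would help to state in the same comment that the two limits together are what keep the shift in range.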
--
MST
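The overflow described in the commit message, as an added example that is not part of the original post or of libmthca. It assumes buf_size is a signed 32-bit int and treats the accepted max_wr value directly as srq->max; the helper names srq_buf_size and largest_safe_shift are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Largest max_wr each version of the check lets through (from the patch). */
#define OLD_LARGEST_MAX_WR (16u << 20)        /* old: reject if > 16 << 20  */
#define NEW_LARGEST_MAX_WR ((1u << 16) - 1)   /* new: reject if >= 1 << 16  */

/*
 * Compute max << wqe_shift in 64 bits and refuse results that do not fit
 * in a signed 32-bit buf_size (assumed type). Returns 0 on success.
 */
static int srq_buf_size(uint32_t max, unsigned wqe_shift, int32_t *size)
{
    uint64_t wide;

    if (wqe_shift > 31)
        return -1;
    wide = (uint64_t)max << wqe_shift;
    if (wide > (uint64_t)INT32_MAX)
        return -1;
    *size = (int32_t)wide;
    return 0;
}

/* Largest wqe_shift for which the biggest accepted max still fits. */
static int largest_safe_shift(uint32_t largest_max)
{
    int32_t size;
    int shift, best = -1;

    for (shift = 0; shift < 32; shift++)
        if (srq_buf_size(largest_max, shift, &size) == 0)
            best = shift;
    return best;
}

int main(void)
{
    printf("old bound: safe up to wqe_shift %d\n",
           largest_safe_shift(OLD_LARGEST_MAX_WR));
    printf("new bound: safe up to wqe_shift %d\n",
           largest_safe_shift(NEW_LARGEST_MAX_WR));
    return 0;
}
```

Under these assumptions the old bound only tolerates 64-byte WQEs before the size wraps, while the new bound leaves room for WQEs up to 32 KB.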