Michael> Another problem is that fls may return 32 and you end up
Michael> with 1 << 32 which AFAIK has undefined behaviour in C. I
Michael> guess kernel clients can be trusted not to, but uverbs
Michael> better check this.
Good point. Maybe something like this would be a good idea?
- R.
--- infiniband/hw/mthca/mthca_qp.c (revision 2360)
+++ infiniband/hw/mthca/mthca_qp.c (working copy)
@@ -1210,6 +1210,11 @@ static int mthca_alloc_qp_common(struct
static int mthca_set_qp_size(struct mthca_dev *dev, struct ib_qp_cap *cap,
struct mthca_qp *qp)
{
+ /* Sanity check QP size before proceeding */
+ if (cap->max_send_wr > 65536 || cap->max_recv_wr > 65536 ||
+ cap->max_send_sge > 64 || cap->max_recv_sge > 64)
+ return -EINVAL;
+
if (mthca_is_memfree(dev)) {
qp->rq.max = cap->max_recv_wr ?
roundup_pow_of_two(cap->max_recv_wr) : 0;
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
