Hi, Roland!
Quoting Roland Dreier <[EMAIL PROTECTED]>:
> Subject: Re: calling to ibv_create_qp with big number in qp_init_attr.cap.max_inline_data never return
> 
>     Dotan> the create_qp function never ends.
> 
> Where does it hang?  Can you do strace on the process?  If it's stuck
> sleeping, what does /proc/<pid>/wchan say?

Here:

        size = sizeof (struct mthca_next_seg) +
                qp->sq.max_gs * sizeof (struct mthca_data_seg);
        switch (qp->qpt) {
        case IBV_QPT_UD:
                if (mthca_is_memfree(pd->context))
                        size += sizeof (struct mthca_arbel_ud_seg);
                else
                        size += sizeof (struct mthca_tavor_ud_seg);
                break;
        default:
                /* bind seg is as big as atomic + raddr segs */
                size += sizeof (struct mthca_bind_seg);
        }

---->

        for (qp->sq.wqe_shift = 6; 1 << qp->sq.wqe_shift < size;
             qp->sq.wqe_shift++)
                ; /* nothing */


The problem here is that size is bigger than 0x40000000.
As a result 1 << qp->sq.wqe_shift gets to 0x80000000, which is negative,
so it's less than size, and everything starts all over again.

Looking at the code, passing insanely huge values in qp params
will get all kinds of overflows (e.g. size could get negative).

I think the best way is to check qp parameters for sanity in
mthca_create_qp.

-- 
MST
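An added example, not code from the mthca driver or from anyone in this thread, that isolates the loop behaviour described above and sketches the kind of bound check the mail proposes for mthca_create_qp. The segment sizes and the WQE size limit are constructed placeholders, not the driver's real values.

```c
#include <stdint.h>

/* Constructed values for this example: the real mthca struct sizes and the
 * hardware limit on a send WQE are not on the page. */
enum { NEXT_SEG = 16, DATA_SEG = 16, BIND_SEG = 48 };
#define MAX_WQE_SIZE_BYTES (1u << 16)

/* Reproduces the decision made by the quoted shift loop without running
 * it: returns 1 if the loop would never exit for this size. For shifts
 * 6..30 the comparison behaves; at shift 31, 1 << 31 is INT_MIN on a
 * 32-bit two's-complement int, which is below every positive size, so
 * the condition stays true and the shift keeps growing (undefined
 * behaviour, in practice an endless loop). */
int original_loop_never_ends(int size)
{
    int shift;
    for (shift = 6; shift < 31; shift++)
        if ((1 << shift) >= size)
            return 0;          /* terminates normally at this shift */
    return 1;                  /* size > 0x40000000: spins forever */
}

/* Sanity-checked size computation, in the spirit of the check the mail
 * suggests adding to mthca_create_qp: widen to 64 bits so max_gs * seg
 * cannot wrap negative, then reject anything above the hardware bound.
 * Returns 0 and writes *out on success, -1 on rejection. */
int checked_sq_wqe_size(uint32_t max_gs, uint32_t *out)
{
    uint64_t size = NEXT_SEG + (uint64_t)max_gs * DATA_SEG + BIND_SEG;
    if (size > MAX_WQE_SIZE_BYTES)
        return -1;
    *out = (uint32_t)size;
    return 0;
}

/* Shift loop that is safe by construction: it only runs on sizes that
 * passed the bound above, and uses a 64-bit unsigned shift so the
 * comparison can never go negative. Returns -1 for rejected sizes. */
int safe_wqe_shift(uint32_t size)
{
    int shift;
    if (size == 0 || size > MAX_WQE_SIZE_BYTES)
        return -1;
    for (shift = 6; (UINT64_C(1) << shift) < size; shift++)
        ;                      /* nothing */
    return shift;
}
```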
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general