Here's an updated version of Dotan's patch (that was line wrapped).
---
Passing huge size values to create_cq/resize_cq causes a hang in align_cq_size.
Fix this by validating input, similar to what we do for create_qp.
Signed-off-by: Dotan Barak <[EMAIL PROTECTED]>
Signed-off-by: Michael S. Tsirkin <[EMAIL PROTECTED]>
Index: last_stable/src/userspace/libmthca/src/verbs.c
===================================================================
--- last_stable.orig/src/userspace/libmthca/src/verbs.c 2006-07-04
15:22:20.000000000 +0300
+++ last_stable/src/userspace/libmthca/src/verbs.c 2006-07-04
15:23:49.000000000 +0300
@@ -174,6 +174,9 @@ struct ibv_cq *mthca_create_cq(struct ib
struct mthca_cq *cq;
int ret;
+ if (cqe > 131072)
+ return NULL;
+
cq = malloc(sizeof *cq);
if (!cq)
return NULL;
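Review bot: the new check at the top of mthca_create_cq returns NULL exactly as the malloc failure just below it does, so a caller cannot tell a rejected cqe from an out-of-memory condition; consider setting errno to EINVAL before the early return. The test also bounds cqe only from above. If the parameter is signed, it is worth confirming that zero and negative values are handled further down, or rejecting them here with something like "if (cqe < 1 || cqe > 131072)".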
@@ -264,6 +268,9 @@ int mthca_resize_cq(struct ibv_cq *ibcq,
int old_cqe;
int ret;
+ if (cqe > 131072)
+ return EINVAL;
+
pthread_spin_lock(&cq->lock);
cqe = align_cq_size(cqe);
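Review bot: the literal 131072 in the mthca_resize_cq check repeats the one added to mthca_create_cq, and nothing in either hunk says where the limit comes from. A single named constant with a short comment on its origin would keep the two checks in sync and make the bound reviewable. Placing the test before pthread_spin_lock is right, since the early return then leaves no lock held. Please also confirm that a positive EINVAL matches how the other error paths in this function report failure.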
--
MST
_______________________________________________
openib-general mailing list
http://openib.org/mailman/listinfo/openib-general