Roland, could you comment please?
---
If SRQ max_wr is too high, srq buf size calculation
srq->buf_size = srq->max << srq->wqe_shift
might overflow, resulting in crash on buffer access.
The simplest solution is to limit max_wr since practically hardware
does not support values bigger than 1 << 16.
Signed-off-by: Michael S. Tsirkin <[EMAIL PROTECTED]>
Index: openib/src/userspace/libmthca/src/verbs.c
===================================================================
--- openib/src/userspace/libmthca/src/verbs.c (revision 8484)
+++ openib/src/userspace/libmthca/src/verbs.c (working copy)
@@ -372,7 +372,7 @@ struct ibv_srq *mthca_create_srq(struct
int ret;
/* Sanity check SRQ size before proceeding */
- if (attr->attr.max_wr > 16 << 20 || attr->attr.max_sge > 64)
+ if (attr->attr.max_wr >= 1 << 16 || attr->attr.max_sge > 64)
return NULL;
srq = malloc(sizeof *srq);
--
MST
_______________________________________________
openib-general mailing list
[email protected]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
