On Thu, Oct 07, 2010 at 10:16:49AM -0600, Jason Gunthorpe wrote:
> On Thu, Oct 07, 2010 at 09:16:10AM +0200, Dan Carpenter wrote:
> > If we don't limit cmd.ne then the multiplications can overflow. This
> > will allocate a small amount of RAM successfully for the "resp" and
> > "wc" buffers. The heap will get corrupted when we call ib_poll_cq().
>
> I think you could cap the number of returned entries to
> UVERBS_MAX_NUM_ENTRIES rather than return EINVAL. That might be more
> compatible with user space..
>

Good idea. I don't actually have this hardware, so I can't test it, but
that definitely sounds reasonable.

If we did that then UVERBS_MAX_NUM_ENTRIES could be lower than 1000.
What is a reasonable number?

regards,
dan carpenter
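The wrap-around described in the thread and the two fixes it discusses (returning EINVAL versus capping at UVERBS_MAX_NUM_ENTRIES), as an added user-space example that is not the kernel's code or the patch under review. The struct layouts, the 32-bit size arithmetic and the function names are assumptions made for illustration; only `UVERBS_MAX_NUM_ENTRIES` and the value 1000 come from the thread.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define UVERBS_MAX_NUM_ENTRIES 1000u  /* the cap value mentioned in the thread */

/* Constructed stand-ins; sizes are illustrative, not the kernel's layouts. */
struct resp_hdr_model { uint32_t count; uint32_t reserved; };  /* 8 bytes  */
struct wc_model { uint8_t bytes[48]; };                        /* 48 bytes */

/* Unchecked size computation in 32-bit arithmetic: wraps for large ne. */
static uint32_t unchecked_resp_size(uint32_t ne)
{
    return (uint32_t)sizeof(struct resp_hdr_model) +
           ne * (uint32_t)sizeof(struct wc_model);
}

/* Fix A: reject oversized requests with EINVAL. */
static int checked_resp_size(uint32_t ne, uint32_t *size)
{
    if (ne > UVERBS_MAX_NUM_ENTRIES)
        return -EINVAL;
    *size = unchecked_resp_size(ne);   /* cannot wrap: ne <= 1000 */
    return 0;
}

/* Fix B: cap the entry count instead, as suggested in the reply. */
static uint32_t capped_ne(uint32_t ne)
{
    return ne > UVERBS_MAX_NUM_ENTRIES ? UVERBS_MAX_NUM_ENTRIES : ne;
}

int main(void)
{
    uint32_t ne = 89478486u;   /* constructed input: 48 * ne == 2^32 + 32 */
    uint32_t size = 0;

    printf("unchecked: ne=%u -> %u bytes allocated\n",
           (unsigned)ne, (unsigned)unchecked_resp_size(ne));
    printf("reject:    rc=%d\n", checked_resp_size(ne, &size));
    printf("capped:    ne=%u -> %u bytes\n", (unsigned)capped_ne(ne),
           (unsigned)unchecked_resp_size(capped_ne(ne)));
    return 0;
}
```

With the unchecked computation the buffer is 40 bytes while the caller still believes it holds about 89 million entries, which is the mismatch that corrupts the heap once entries are written into it.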