Hi, On Thu, Oct 7, 2010 at 6:59 PM, Dan Carpenter <error27@xxxxxxxxx> wrote: > On Thu, Oct 07, 2010 at 10:16:49AM -0600, Jason Gunthorpe wrote: >> On Thu, Oct 07, 2010 at 09:16:10AM +0200, Dan Carpenter wrote: >> > If we don't limit cmd.ne then the multiplications can overflow. This >> > will allocate a small amount of RAM successfully for the "resp" and >> > "wc" buffers. The heap will get corrupted when we call ib_poll_cq(). >> >> I think you could cap the number of returned entries to >> UVERBS_MAX_NUM_ENTRIES rather than return EINVAL. That might be more >> compatible with user space.. >> > > Good idea. I don't actually have this hardware, so I can't test it, but > that definitely sounds reasonable. > > If we did that then UVERBS_MAX_NUM_ENTRIES could be lower than 1000. > What is a reasonable number? You can also use kcalloc to allocate wc. > > regards, > dan carpenter > > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Nicolas Palix Tel: +33 6 81 07 91 72 -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html