https://bugzilla.kernel.org/show_bug.cgi?id=212991 Bug ID: 212991 Summary: A possible divide by zero in calc_sq_size Product: Drivers Version: 2.5 Kernel Version: 5.12.2 Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: Infiniband/RDMA Assignee: drivers_infiniband-rdma@xxxxxxxxxxxxxxxxxxxx Reporter: yguoaz@xxxxxxxxx Regression: No In the file drivers/infiniband/hw/mlx5/qp.c, the function calc_sq_size has the following code(link to code location: https://github.com/torvalds/linux/blob/master/drivers/infiniband/hw/mlx5/qp.c#L510): static int calc_sq_size(struct mlx5_ib_dev *dev, struct ib_qp_init_attr *attr, struct mlx5_ib_qp *qp) { ... wqe_size = calc_send_wqe(attr); ... qp->sq.max_post = wq_size / wqe_size; } static int calc_send_wqe(struct ib_qp_init_attr *attr) { int inl_size = 0; int size; size = sq_overhead(attr); if (size < 0) return size; if (attr->cap.max_inline_data) { inl_size = size + sizeof(struct mlx5_wqe_inline_seg) + attr->cap.max_inline_data; } size += attr->cap.max_send_sge * sizeof(struct mlx5_wqe_data_seg); if (attr->create_flags & IB_QP_CREATE_INTEGRITY_EN && ALIGN(max_t(int, inl_size, size), MLX5_SEND_WQE_BB) < MLX5_SIG_WQE_SIZE) return MLX5_SIG_WQE_SIZE; else return ALIGN(max_t(int, inl_size, size), MLX5_SEND_WQE_BB); } The function calc_send_wqe may return 0 (when attr->qp_type == IB_QPT_XRC_TGT && attr->cap.max_send_sge == 0), leading to a possible divide by zero problem. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
