> Subject: [PATCH rdma-next 5/6] RDMA/mana_ib: boundary check before
> installing cq callbacks
>
> From: Konstantin Taranov <kotaranov@xxxxxxxxxxxxx>
>
> Add a boundary check inside mana_ib_install_cq_cb to prevent index
> overflow.
How is this condition possible that we are getting an out of bound queue id from SOC?
>
> Fixes: 2a31c5a7e0d8 ("RDMA/mana_ib: Introduce mana_ib_install_cq_cb
> helper function")
> Signed-off-by: Konstantin Taranov <kotaranov@xxxxxxxxxxxxx>
> ---
> drivers/infiniband/hw/mana/cq.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/infiniband/hw/mana/cq.c
> b/drivers/infiniband/hw/mana/cq.c index 6c3bb8c..8323085 100644
> --- a/drivers/infiniband/hw/mana/cq.c
> +++ b/drivers/infiniband/hw/mana/cq.c
> @@ -70,6 +70,8 @@ int mana_ib_install_cq_cb(struct mana_ib_dev *mdev,
> struct mana_ib_cq *cq)
> struct gdma_context *gc = mdev_to_gc(mdev);
> struct gdma_queue *gdma_cq;
>
> + if (cq->queue.id >= gc->max_num_cqs)
> + return -EINVAL;
> /* Create CQ table entry */
> WARN_ON(gc->cq_table[cq->queue.id]);
> gdma_cq = kzalloc(sizeof(*gdma_cq), GFP_KERNEL);
> --
> 2.43.0
