On Fri, Dec 29, 2017 at 05:38:56PM +0800, Lijun Ou wrote:

> + hr_qp->rq_inl_buf.wqe_list = kcalloc(1, hr_qp->rq.wqe_cnt *
> + sizeof(struct hns_roce_rinl_wqe),
> + GFP_KERNEL);

This is complete mis-use of the 2d allocator functions. It needs to be:

    hr_qp->rq_inl_buf.wqe_list = kcalloc(hr_qp->rq.wqe_cnt,
                                         sizeof(struct hns_roce_rinl_wqe),
                                         GFP_KERNEL);

It is important that the first argument be the 'untrusted' value so
the multiply overflow checking works properly.

> + /* Firstly, allocate a list of sge space buffer */
> + hr_qp->rq_inl_buf.wqe_list[0].sg_list =
> + kcalloc(1, hr_qp->rq_inl_buf.wqe_cnt *
> + init_attr->cap.max_recv_sge *
> + sizeof(struct hns_roce_rinl_sge),
> + GFP_KERNEL);

ditto

Jason
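
Review bot: in the first quoted hunk (the wqe_list allocation), hr_qp->rq.wqe_cnt * sizeof(struct hns_roce_rinl_wqe) is multiplied by the caller and handed to kcalloc as a single size with a count of 1, so the allocator's count-times-size overflow check never sees the two factors. Pass hr_qp->rq.wqe_cnt as the count and the sizeof as the element size. The quoted lines also do not show wqe_list being tested for NULL before the next hunk dereferences wqe_list[0]; if that check is not in the lines left out of the quote, it needs to be added.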
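
Review bot: in the second quoted hunk (the sg_list allocation), the size is a three-way product, hr_qp->rq_inl_buf.wqe_cnt * init_attr->cap.max_recv_sge * sizeof(struct hns_roce_rinl_sge), and kcalloc checks only one multiplication, so moving the sizeof into the second argument still leaves wqe_cnt * max_recv_sge computed unchecked. Bound max_recv_sge (a value read from init_attr) before this point, or form the element count with an overflow-checked multiply and fail the QP creation if it overflows. This hunk also sizes from rq_inl_buf.wqe_cnt while the previous one used rq.wqe_cnt; use one of them in both places, or make it evident that the two are equal here.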
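
The overflow check the reply relies on, modelled in userspace as an added example (not code from the patch, the reply, or the hns driver). `kcalloc_model` and `struct rinl_wqe_model` are hypothetical stand-ins, and the count is modelled as `size_t`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for struct hns_roce_rinl_wqe; only its size matters. */
struct rinl_wqe_model { uint64_t sg_list; uint64_t sge_cnt; };

/* Model of the check kcalloc(n, size) makes before allocating: refuse
 * (the kernel returns NULL) when n * size does not fit in size_t. */
static bool kcalloc_model(size_t n, size_t size, size_t *bytes)
{
    if (size != 0 && n > SIZE_MAX / size)
        return false;
    *bytes = n * size;
    return true;
}

/* Pattern in the quoted patch: the caller multiplies, then passes n = 1. */
static bool alloc_premultiplied(size_t wqe_cnt, size_t *bytes)
{
    return kcalloc_model(1, wqe_cnt * sizeof(struct rinl_wqe_model), bytes);
}

/* Pattern in the reply: the count goes in as the first argument. */
static bool alloc_counted(size_t wqe_cnt, size_t *bytes)
{
    return kcalloc_model(wqe_cnt, sizeof(struct rinl_wqe_model), bytes);
}

int main(void)
{
    /* Constructed count chosen so that count * 16 wraps past SIZE_MAX. */
    size_t cnt = SIZE_MAX / sizeof(struct rinl_wqe_model) + 2;
    size_t bytes = 0;

    if (alloc_premultiplied(cnt, &bytes))
        printf("premultiplied: accepted, %zu bytes for %zu entries\n", bytes, cnt);
    if (!alloc_counted(cnt, &bytes))
        printf("counted: rejected, overflow detected\n");
    return 0;
}
```

With the pre-multiplied form the product wraps to the size of a single entry and the request is accepted, so later indexing by the real count runs past the buffer; with the count as the first argument the same input is refused.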