On Sun, Feb 25, 2018 at 01:39:50PM +0200, Leon Romanovsky wrote:
> static int create_raw_packet_qp_rq(struct mlx5_ib_dev *dev,
> - struct mlx5_ib_rq *rq, void *qpin)
> + struct mlx5_ib_rq *rq, void *qpin,
> + int qpinlen)
> {
> struct mlx5_ib_qp *mqp = rq->base.container_mibqp;
> __be64 *pas;
> @@ -1190,6 +1191,9 @@ static int create_raw_packet_qp_rq(struct mlx5_ib_dev *dev,
> int err;
> u32 rq_pas_size = get_rq_pas_size(qpc);
>
> + if (qpinlen < 0 || (u32)qpinlen < rq_pas_size + MLX5_BYTE_OFF(create_qp_in, pas))
> + return -EINVAL;
Please use proper types instead of checking for impossible negatives.
qpinlen comes from here:
int inlen = MLX5_ST_SZ_BYTES(create_qp_in);
Which should be size_t throughout.
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
