Re: [PATCH rdma-rc 3/9] IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq

Hi Jason,

On 2/26/2018 8:27 PM, Jason Gunthorpe wrote:
On Sun, Feb 25, 2018 at 01:39:50PM +0200, Leon Romanovsky wrote:

  static int create_raw_packet_qp_rq(struct mlx5_ib_dev *dev,
-				   struct mlx5_ib_rq *rq, void *qpin)
+				   struct mlx5_ib_rq *rq, void *qpin,
+				   int qpinlen)
  {
  	struct mlx5_ib_qp *mqp = rq->base.container_mibqp;
  	__be64 *pas;
@@ -1190,6 +1191,9 @@ static int create_raw_packet_qp_rq(struct mlx5_ib_dev *dev,
  	int err;
  	u32 rq_pas_size = get_rq_pas_size(qpc);

+	if (qpinlen < 0 || (u32)qpinlen < rq_pas_size + MLX5_BYTE_OFF(create_qp_in, pas))
+	    return -EINVAL;
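
Review bot: In the added check, the right-hand side `rq_pas_size + MLX5_BYTE_OFF(create_qp_in, pas)` is summed before the comparison, and `rq_pas_size` is a `u32`. If that sum is evaluated in 32 bits, a large `rq_pas_size` can wrap it to a small value and the test passes. Checking `qpinlen` against the fixed offset first, and then comparing the remainder with `rq_pas_size`, avoids depending on the width of the addition. Separately, the `return -EINVAL;` line is indented with a tab followed by spaces, where the surrounding lines use tabs only.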

Please use proper types instead of checking for impossible negatives.

qpinlen comes from here:

	int inlen = MLX5_ST_SZ_BYTES(create_qp_in);

Which should be size_t throughout.


I definitely agree.
I've started doing it and realized that changing this here implies changes throughout mlx5 where many types should be unsigned. Then, I decided to fix the local issue here, and leave the signed -> unsigned refactoring of mlx5 to somebody else.

Best,
Boris.
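
The type question discussed in this thread, as an added example that is not part of the thread or of the mlx5 driver: a userspace model of the bound check with a signed length next to the same bound with `size_t`. The offset constant, the function names and the 32-bit width of the sum are assumptions made for illustration; the real value and type of `MLX5_BYTE_OFF(create_qp_in, pas)` are not shown on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for MLX5_BYTE_OFF(create_qp_in, pas); not the real offset. */
#define PAS_OFF_ASSUMED ((uint32_t)0x110)

/*
 * Shape of the check in the patch: signed length, a negative test, a cast,
 * and a sum on the right-hand side (modelled here as 32-bit arithmetic,
 * which is an assumption of this example).
 */
static int check_signed_len(int qpinlen, uint32_t rq_pas_size)
{
	if (qpinlen < 0 || (uint32_t)qpinlen < rq_pas_size + PAS_OFF_ASSUMED)
		return -EINVAL;
	return 0;
}

/*
 * Same bound with an unsigned length: there is no negative case to test,
 * and subtracting the fixed offset first means no addition can wrap.
 */
static int check_size_t_len(size_t inlen, uint32_t rq_pas_size)
{
	if (inlen < PAS_OFF_ASSUMED)
		return -EINVAL;
	if (inlen - PAS_OFF_ASSUMED < rq_pas_size)
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* Constructed inputs: an ordinary size, then one that wraps a 32-bit sum. */
	uint32_t sizes[] = { 0x40, 0xFFFFFF00u };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("rq_pas_size=0x%x signed=%d size_t=%d\n",
		       (unsigned int)sizes[i],
		       check_signed_len(0x200, sizes[i]),
		       check_size_t_len(0x200, sizes[i]));
	return 0;
}
```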