:) -----Original Message----- From: Jason Gunthorpe <jgg@xxxxxxxx> Sent: Wednesday, April 24, 2019 4:10 PM To: Guy Levi(SW) <guyle@xxxxxxxxxxxx> Cc: Leon Romanovsky <leon@xxxxxxxxxx>; Doug Ledford <dledford@xxxxxxxxxx>; RDMA mailing list <linux-rdma@xxxxxxxxxxxxxxx>; Yonatan Cohen (SW) <yonatanc@xxxxxxxxxxxx> Subject: Re: [PATCH rdma-rc] IB/mlx5: Fix scatter to CQE in DCT QP creation On Wed, Apr 24, 2019 at 12:59:33PM +0000, Guy Levi(SW) wrote: > Ooo... thanks! > > From: Jason Gunthorpe <jgg@xxxxxxxx> > Sent: Wednesday, April 24, 2019 2:40 PM > To: Guy Levi(SW) <guyle@xxxxxxxxxxxx> > Cc: Leon Romanovsky <leon@xxxxxxxxxx>; Doug Ledford > <dledford@xxxxxxxxxx>; RDMA mailing list <linux-rdma@xxxxxxxxxxxxxxx>; > Yonatan Cohen (SW) <yonatanc@xxxxxxxxxxxx> > Subject: Re: [PATCH rdma-rc] IB/mlx5: Fix scatter to CQE in DCT QP > creation > > On Wed, Apr 24, 2019 at 10:05:30AM +0000, Guy Levi(SW) wrote: > > Jason, > > > > Expect that the mailbox is corrupted there is a memory corruption in > > the kernel which is worse (allocate DCT struct and then write to it as QP struct). > > It isn't memory corruption, it is just mail box command corruption: > > BUILD_BUG_ON(MLX5_BYTE_OFF(qpc, cs_res) <= MLX5_ST_SZ_BYTES(dctc)); > > Doesn't fail, so it doesn't reference out of bounds of the mailbox. Oo, but did I get the <= backwards? I did! So it does smash the stask :\ Jason
