On Thu, Nov 21, 2019 at 01:38:24PM -0800, Ira Weiny wrote: > > diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c > > index 0274e9b704be..57e68491a2fd 100644 > > --- a/drivers/infiniband/core/ucma.c > > +++ b/drivers/infiniband/core/ucma.c > > @@ -1045,7 +1045,7 @@ static void ucma_copy_conn_param(struct rdma_cm_id *id, > > dst->retry_count = src->retry_count; > > dst->rnr_retry_count = src->rnr_retry_count; > > dst->srq = src->srq; > > - dst->qp_num = src->qp_num; > > + dst->qp_num = src->qp_num & 0xFFFFFF; > > Isn't src->qp_num coming from userspace? Why not return -EINVAL in such a > case? I am afraid that it will break userspace applications; we had a similar case in uverbs, where we added WARN_ON() while masking PSN and got an endless amount of bug reports from our enterprise colleagues who didn't clear memory above those 24 bits and saw kernel splats. Thanks > > Ira >
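Review bot: the added line `dst->qp_num = src->qp_num & 0xFFFFFF;` in ucma_copy_conn_param() silently discards the upper 8 bits of a value that, per the question in this thread, comes from userspace, and nothing at that line says this is intentional. Since the choice is to mask rather than return -EINVAL, add a short comment there stating that qp_num is limited to 24 bits and that the high bits are ignored on purpose so existing applications that leave them uninitialized keep working, and replace the bare 0xFFFFFF with a named constant so the width is defined in one place. It would also help to record in the commit message that masking was chosen over rejection, so a later cleanup does not turn this into a hard error or a warning.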