> > On Thu, Nov 21, 2019 at 01:38:24PM -0800, Ira Weiny wrote:
> > > diff --git a/drivers/infiniband/core/ucma.c > > > b/drivers/infiniband/core/ucma.c index 0274e9b704be..57e68491a2fd > > > 100644 > > > --- a/drivers/infiniband/core/ucma.c > > > +++ b/drivers/infiniband/core/ucma.c > > > @@ -1045,7 +1045,7 @@ static void ucma_copy_conn_param(struct > rdma_cm_id *id, > > > dst->retry_count = src->retry_count; > > > dst->rnr_retry_count = src->rnr_retry_count; > > > dst->srq = src->srq; > > > - dst->qp_num = src->qp_num; > > > + dst->qp_num = src->qp_num & 0xFFFFFF;
> >
> > Isn't src->qp_num coming from userspace? Why not return -EINVAL in
> > such a case?
>
> I'm afraid that it will break userspace applications; we had a similar case in uverbs,
> where we added WARN_ON() while masking the PSN and got an endless amount of
> bug reports from our enterprise colleagues who didn't clear memory above
> those 24 bits and saw kernel splats.

I want to say there is less chance of that here because librdmacm should be handling most of these numbers within the library.

I have no dog in this fight so...

Ira
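Review bot: the bare literal on the added line `dst->qp_num = src->qp_num & 0xFFFFFF;` drops the upper 8 bits of the copied value with no comment or named constant explaining why. A caller that leaves stale data in those bits ends up with a different qp_num in dst than it passed in src, and nothing tells it so. Because ucma_copy_conn_param() is declared static void in the hunk header, rejecting the value would need either a return-type change or a check in the callers before the copy. If masking is the intended behaviour, add a comment next to the assignment stating that only the low 24 bits are meaningful and that high bits are deliberately ignored rather than rejected, and consider replacing the literal with a named mask so the width is defined in one place.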