Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 859976da authored Aug 12, 2014 by Dan Carpenter Committed by Roland Dreier Aug 12, 2014

RDMA/amso1100: Check for integer overflow in c2_alloc_cq_buf()



This is a static checker fix.  The static checker says that q_size comes
from the user and can be any 32 bit value.  The call tree is:
  --> ib_uverbs_create_cq()
      --> c2_create_cq()
          --> c2_init_cq()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>

parent 64aa90f2

drivers/infiniband/hw/amso1100/c2_cq.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -260,11 +260,14 @@ static void c2_free_cq_buf(struct c2_dev c2dev, struct c2_mq mq)
		mq->msg_pool.host, dma_unmap_addr(mq, mapping));
		}

		static int c2_alloc_cq_buf(struct c2_dev c2dev, struct c2_mq mq, int q_size,
		int msg_size)
		static int c2_alloc_cq_buf(struct c2_dev c2dev, struct c2_mq mq,
		size_t q_size, size_t msg_size)
		{
		u8 *pool_start;

		if (q_size > SIZE_MAX / msg_size)
		return -EINVAL;

		pool_start = dma_alloc_coherent(&c2dev->pcidev->dev, q_size * msg_size,
		&mq->host_dma, GFP_KERNEL);
		if (!pool_start)