From 19773539d6369c54fbb0c870de0c75417b0020d1 Mon Sep 17 00:00:00 2001 From: Roland Dreier Date: Wed, 16 Apr 2008 21:01:13 -0700 Subject: [PATCH] IB/mthca: Avoid integer overflow when dealing with profile size mthca_make_profile() returns the size in bytes of the HCA context layout it creates, or a negative value if an error occurs. However, the return value is declared as u64 and the memfree initialization path casts this value to int to test if it is negative. This makes it think incorrectly than an error has occurred if the context size happens to be bigger than 2GB, since this turns into a negative int. Fix this by having mthca_make_profile() return an s64 and testing for an error by checking whether this 64-bit value itself is negative. Signed-off-by: Roland Dreier --- drivers/infiniband/hw/mthca/mthca_main.c | 11 +++++++---- drivers/infiniband/hw/mthca/mthca_profile.c | 4 ++-- drivers/infiniband/hw/mthca/mthca_profile.h | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/hw/mthca/mthca_main.c b/drivers/infiniband/hw/mthca/mthca_main.c index 3889ae859f51..9ebadd6e0cfb 100644 --- a/drivers/infiniband/hw/mthca/mthca_main.c +++ b/drivers/infiniband/hw/mthca/mthca_main.c @@ -276,6 +276,7 @@ static int mthca_dev_lim(struct mthca_dev *mdev, struct mthca_dev_lim *dev_lim) static int mthca_init_tavor(struct mthca_dev *mdev) { + s64 size; u8 status; int err; struct mthca_dev_lim dev_lim; @@ -328,9 +329,11 @@ static int mthca_init_tavor(struct mthca_dev *mdev) if (mdev->mthca_flags & MTHCA_FLAG_SRQ) profile.num_srq = dev_lim.max_srqs; - err = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca); - if (err < 0) + size = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca); + if (size < 0) { + err = size; goto err_disable; + } err = mthca_INIT_HCA(mdev, &init_hca, &status); if (err) { @@ -609,7 +612,7 @@ static int mthca_init_arbel(struct mthca_dev *mdev) struct mthca_dev_lim dev_lim; struct mthca_profile profile; struct mthca_init_hca_param init_hca; - u64 icm_size; + s64 icm_size; u8 status; int err; @@ -657,7 +660,7 @@ static int mthca_init_arbel(struct mthca_dev *mdev) profile.num_srq = dev_lim.max_srqs; icm_size = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca); - if ((int) icm_size < 0) { + if (icm_size < 0) { err = icm_size; goto err_stop_fw; } diff --git a/drivers/infiniband/hw/mthca/mthca_profile.c b/drivers/infiniband/hw/mthca/mthca_profile.c index 26bf86d1cfcd..605a8d57fac6 100644 --- a/drivers/infiniband/hw/mthca/mthca_profile.c +++ b/drivers/infiniband/hw/mthca/mthca_profile.c @@ -63,7 +63,7 @@ enum { MTHCA_NUM_PDS = 1 << 15 }; -u64 mthca_make_profile(struct mthca_dev *dev, +s64 mthca_make_profile(struct mthca_dev *dev, struct mthca_profile *request, struct mthca_dev_lim *dev_lim, struct mthca_init_hca_param *init_hca) @@ -77,7 +77,7 @@ u64 mthca_make_profile(struct mthca_dev *dev, }; u64 mem_base, mem_avail; - u64 total_size = 0; + s64 total_size = 0; struct mthca_resource *profile; struct mthca_resource tmp; int i, j; diff --git a/drivers/infiniband/hw/mthca/mthca_profile.h b/drivers/infiniband/hw/mthca/mthca_profile.h index 94641808f97f..e76cb62d8e32 100644 --- a/drivers/infiniband/hw/mthca/mthca_profile.h +++ b/drivers/infiniband/hw/mthca/mthca_profile.h @@ -53,7 +53,7 @@ struct mthca_profile { int fmr_reserved_mtts; }; -u64 mthca_make_profile(struct mthca_dev *mdev, +s64 mthca_make_profile(struct mthca_dev *mdev, struct mthca_profile *request, struct mthca_dev_lim *dev_lim, struct mthca_init_hca_param *init_hca);