From: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
To: longli@microsoft.com, kotaranov@microsoft.com,
	Jason Gunthorpe <jgg@ziepe.ca>, Leon Romanovsky <leon@kernel.org>,
	linux-rdma@vger.kernel.org, linux-hyperv@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
Subject: [PATCH rdma-next v3] RDMA/mana_ib: Clamp adapter capabilities at the ib_device_attr boundary
Date: Mon, 25 May 2026 12:01:01 -0700
Message-ID: <20260525190101.1264185-1-ernis@linux.microsoft.com>

mana_ib stores its adapter capabilities internally as u32 in
struct mana_ib_adapter_caps. The IB core, however, exposes the
corresponding device attributes through struct ib_device_attr, where
fields such as max_qp, max_qp_wr, max_send_sge, max_recv_sge,
max_sge_rd, max_cq, max_cqe, max_mr, max_pd, max_qp_rd_atom,
max_res_rd_atom and max_qp_init_rd_atom are signed int.

mana_ib_query_device() is the only place that copies the cached u32
caps into these int fields. If a cap exceeds INT_MAX, the implicit
u32-to-int narrowing yields a negative value. Clamp each cap to
INT_MAX at this boundary so the values handed to the IB core are always
non-negative.

While here, fix a related overflow in the computation of
max_res_rd_atom. It is derived as max_qp_rd_atom * max_qp, both of
which are int after the assignment above; the multiplication can
overflow an int even with the new clamps in place. Widen to s64
before multiplying and clamp the result to INT_MAX.

Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
---
Changes in v3:
* Drop clamping from mana_ib_gd_query_adapter_caps(). The internal u32
  caps cache does not need to be clamped.
* Move all clamping exclusively to mana_ib_query_device(), which is the
  only place the cached u32 values are narrowed into the signed int
  fields of struct ib_device_attr.
* Reframe commit message: this is a u32-to-int type boundary fix, not a
  CVM/untrusted-hardware hardening patch.
Changes in v2:
* Update patch title.
---
 drivers/infiniband/hw/mana/main.c | 33 ++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/drivers/infiniband/hw/mana/main.c b/drivers/infiniband/hw/mana/main.c
index ac5e75dd3494..ca843083140f 100644
--- a/drivers/infiniband/hw/mana/main.c
+++ b/drivers/infiniband/hw/mana/main.c
@@ -555,19 +555,28 @@ int mana_ib_query_device(struct ib_device *ibdev, struct ib_device_attr *props,
 	props->vendor_part_id = dev->gdma_dev->dev_id.type;
 	props->max_mr_size = MANA_IB_MAX_MR_SIZE;
 	props->page_size_cap = dev->adapter_caps.page_size_cap;
-	props->max_qp = dev->adapter_caps.max_qp_count;
-	props->max_qp_wr = dev->adapter_caps.max_qp_wr;
+	/*
+	 * mana_ib stores adapter capabilities internally as u32, but the
+	 * corresponding ib_device_attr fields are signed int. Clamp each
+	 * value at this boundary so a cap larger than INT_MAX is never
+	 * narrowed into a negative value visible to the IB core or
+	 * userspace.
+	 */
+	props->max_qp = min_t(u32, dev->adapter_caps.max_qp_count, INT_MAX);
+	props->max_qp_wr = min_t(u32, dev->adapter_caps.max_qp_wr, INT_MAX);
 	props->device_cap_flags = IB_DEVICE_RC_RNR_NAK_GEN;
-	props->max_send_sge = dev->adapter_caps.max_send_sge_count;
-	props->max_recv_sge = dev->adapter_caps.max_recv_sge_count;
-	props->max_sge_rd = dev->adapter_caps.max_recv_sge_count;
-	props->max_cq = dev->adapter_caps.max_cq_count;
-	props->max_cqe = dev->adapter_caps.max_qp_wr;
-	props->max_mr = dev->adapter_caps.max_mr_count;
-	props->max_pd = dev->adapter_caps.max_pd_count;
-	props->max_qp_rd_atom = dev->adapter_caps.max_inbound_read_limit;
-	props->max_res_rd_atom = props->max_qp_rd_atom * props->max_qp;
-	props->max_qp_init_rd_atom = dev->adapter_caps.max_outbound_read_limit;
+	props->max_send_sge = min_t(u32, dev->adapter_caps.max_send_sge_count, INT_MAX);
+	props->max_recv_sge = min_t(u32, dev->adapter_caps.max_recv_sge_count, INT_MAX);
+	props->max_sge_rd = min_t(u32, dev->adapter_caps.max_recv_sge_count, INT_MAX);
+	props->max_cq = min_t(u32, dev->adapter_caps.max_cq_count, INT_MAX);
+	props->max_cqe = min_t(u32, dev->adapter_caps.max_qp_wr, INT_MAX);
+	props->max_mr = min_t(u32, dev->adapter_caps.max_mr_count, INT_MAX);
+	props->max_pd = min_t(u32, dev->adapter_caps.max_pd_count, INT_MAX);
+	props->max_qp_rd_atom = min_t(u32, dev->adapter_caps.max_inbound_read_limit, INT_MAX);
+	props->max_res_rd_atom = min_t(s64,
+				       (s64)props->max_qp_rd_atom * props->max_qp,
+				       INT_MAX);
+	props->max_qp_init_rd_atom = min_t(u32, dev->adapter_caps.max_outbound_read_limit, INT_MAX);
 	props->atomic_cap = IB_ATOMIC_NONE;
 	props->masked_atomic_cap = IB_ATOMIC_NONE;
 	props->max_ah = INT_MAX;
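
Review bot: The bound on max_res_rd_atom holds only because props->max_qp_rd_atom and props->max_qp were already clamped to non-negative values earlier in this same hunk; if either assignment is later moved below the multiplication or loses its clamp, min_t(s64, ..., INT_MAX) would pass a negative product straight through. Either add a short comment on that line stating the ordering dependency, or compute the product from the u32 values in dev->adapter_caps widened to u64, so the line is correct on its own. Separately, the eleven open-coded min_t(u32, ..., INT_MAX) assignments repeat one narrowing rule, and a cap added to this function later can skip it unnoticed; a small static helper in main.c that takes the u32 cap and returns the clamped int would keep the rule in one place and shorten the lines that currently run close to 100 columns. The clamp is also silent: when a cap really does exceed INT_MAX the reported attribute no longer matches what the adapter advertised, so a one-time debug message at the point of clamping would make that diagnosable.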
-- 
2.34.1

