From: Leon Romanovsky <leon@kernel.org>
To: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
Cc: longli@microsoft.com, kotaranov@microsoft.com,
	Jason Gunthorpe <jgg@ziepe.ca>,
	linux-rdma@vger.kernel.org, linux-hyperv@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH rdma-next v3] RDMA/mana_ib: Clamp adapter capabilities at the ib_device_attr boundary
Date: Thu, 11 Jun 2026 14:17:45 +0300
Message-ID: <20260611111745.GM327369@unreal>
In-Reply-To: <20260525190101.1264185-1-ernis@linux.microsoft.com>

On Mon, May 25, 2026 at 12:01:01PM -0700, Erni Sri Satya Vennela wrote:
> mana_ib stores its adapter capabilities internally as u32 in
> struct mana_ib_adapter_caps. The IB core, however, exposes the
> corresponding device attributes through struct ib_device_attr, where
> fields such as max_qp, max_qp_wr, max_send_sge, max_recv_sge,
> max_sge_rd, max_cq, max_cqe, max_mr, max_pd, max_qp_rd_atom,
> max_res_rd_atom and max_qp_init_rd_atom are signed int.
> 
> mana_ib_query_device() is the only place that copies the cached u32
> caps into these int fields. If a cap exceeds INT_MAX, the implicit
> u32-to-int narrowing yields a negative value. Clamp each cap to
> INT_MAX at this boundary so the values handed to the IB core are always
> non-negative.
> 
> While here, fix a related overflow in the computation of
> max_res_rd_atom. It is derived as max_qp_rd_atom * max_qp, both of
> which are int after the assignment above; the multiplication can
> overflow an int even with the new clamps in place. Widen to s64
> before multiplying and clamp the result to INT_MAX.
> 
> Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
> ---
> Changes in v3:
> * Drop clamping from mana_ib_gd_query_adapter_caps(). The internal u32
>   caps cache does not need to be clamped.
> * Move all clamping exclusively to mana_ib_query_device(), which is the
>   only place the cached u32 values are narrowed into the signed int
>   fields of struct ib_device_attr.
> * Reframe commit message: this is a u32-to-int type boundary fix, not a
>   CVM/untrusted-hardware hardening patch.

You should align all types to u32 and avoid hiding the issue behind
min_t().

Thanks
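
The u32-to-int narrowing and the max_res_rd_atom product overflow described in the quoted commit message, modeled in userspace C as an added example (not code from the patch or from the mana_ib driver). The model_caps and model_attr structs, the helper names and the sample values are hypothetical stand-ins constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: a u32 caps cache and signed int attributes. */
struct model_caps { uint32_t max_qp; uint32_t max_qp_rd_atom; };
struct model_attr { int max_qp; int max_qp_rd_atom; int max_res_rd_atom; };

/* Clamp a u32 to the non-negative range of int. */
static int clamp_u32_to_int(uint32_t v)
{
    return v > (uint32_t)INT_MAX ? INT_MAX : (int)v;
}

/* Plain narrowing: a value above INT_MAX comes out negative
 * (implementation-defined in C; two's-complement wrap on gcc/clang). */
static int narrow_unchecked(uint32_t v)
{
    return (int)v;
}

/* Fill the int attributes with clamped values. The product of two
 * in-range ints can still exceed INT_MAX, so it is computed in 64 bits
 * and clamped before being stored. */
static void fill_attr_clamped(const struct model_caps *c, struct model_attr *a)
{
    int64_t res;

    a->max_qp = clamp_u32_to_int(c->max_qp);
    a->max_qp_rd_atom = clamp_u32_to_int(c->max_qp_rd_atom);
    res = (int64_t)a->max_qp_rd_atom * a->max_qp;
    a->max_res_rd_atom = res > INT_MAX ? INT_MAX : (int)res;
}

int main(void)
{
    /* Constructed sample values, not real adapter data. */
    struct model_caps c = { .max_qp = 0x80000001u, .max_qp_rd_atom = 65536u };
    struct model_attr a;

    fill_attr_clamped(&c, &a);
    printf("unchecked max_qp = %d\n", narrow_unchecked(c.max_qp));
    printf("clamped max_qp = %d, max_res_rd_atom = %d\n",
           a.max_qp, a.max_res_rd_atom);
    return 0;
}
```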
