From: Sebastian Sanchez Date: Wed, 3 Feb 2016 22:34:32 +0000 (-0800) Subject: staging/rdma/hfi1: Fix for module parameter rcvhdrcnt when it's 2097152 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=e002dcc0abd318b0c5d7b2d05ba41ef4d00abe73;p=linux-beck.git staging/rdma/hfi1: Fix for module parameter rcvhdrcnt when it's 2097152 The driver crashes when loaded with parameter rcvhdrcnt=2097152. The root cause was that rcvhdrcnt was initially a 32 bit variable and its value was assigned to a 16 bit variable, truncating the upper 16 bits. This patch prevents the user from passing a value for rcvhdrcnt greater than 16352 (Maximum number for rcvhdrcnt). Reviewed-by: Dean Luick Reviewed-by: Mitko Haralanov Signed-off-by: Sebastian Sanchez Signed-off-by: Jubin John Signed-off-by: Doug Ledford --- diff --git a/drivers/staging/rdma/hfi1/init.c b/drivers/staging/rdma/hfi1/init.c index 6ddf3c8bcc2e..eec91305516a 100644 --- a/drivers/staging/rdma/hfi1/init.c +++ b/drivers/staging/rdma/hfi1/init.c @@ -77,6 +77,7 @@ #define HFI1_MIN_USER_CTXT_BUFCNT 7 #define HFI1_MIN_HDRQ_EGRBUF_CNT 2 +#define HFI1_MAX_HDRQ_EGRBUF_CNT 16352 #define HFI1_MIN_EAGER_BUFFER_SIZE (4 * 1024) /* 4KB */ #define HFI1_MAX_EAGER_BUFFER_SIZE (256 * 1024) /* 256KB */ @@ -1355,6 +1356,13 @@ static int init_one(struct pci_dev *pdev, const struct pci_device_id *ent) ret = -EINVAL; goto bail; } + if (rcvhdrcnt > HFI1_MAX_HDRQ_EGRBUF_CNT) { + hfi1_early_err(&pdev->dev, + "Receive header queue count cannot be greater than %u\n", + HFI1_MAX_HDRQ_EGRBUF_CNT); + ret = -EINVAL; + goto bail; + } /* use the encoding function as a sanitization check */ if (!encode_rcv_header_entry_size(hfi1_hdrq_entsize)) { hfi1_early_err(&pdev->dev, "Invalid HdrQ Entry size %u\n",