RDMA/mana_ib: check cqe length for kernel CQs

Check queue size during kernel CQ creation to prevent overflow of u32.

Fixes: bec127e45d9f ("RDMA/mana_ib: create kernel-level CQs")
Link: https://patch.msgid.link/r/1761213780-5457-1-git-send-email-kotaranov@linux.microsoft.com
Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/infiniband/hw/mana/cq.c b/drivers/infiniband/hw/mana/cq.c
index 1becc87791235882517ad6750ff887deda967cb4..7600412b0739ff9bd03390a5bb82e6772350fad2 100644 (file)
--- a/drivers/infiniband/hw/mana/cq.c
+++ b/drivers/infiniband/hw/mana/cq.c
@@ -56,6 +56,10 @@ int mana_ib_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
                doorbell = mana_ucontext->doorbell;
        } else {
                is_rnic_cq = true;
+               if (attr->cqe > U32_MAX / COMP_ENTRY_SIZE / 2 + 1) {
+                       ibdev_dbg(ibdev, "CQE %d exceeding limit\n", attr->cqe);
+                       return -EINVAL;
+               }
                buf_size = MANA_PAGE_ALIGN(roundup_pow_of_two(attr->cqe * COMP_ENTRY_SIZE));
                cq->cqe = buf_size / COMP_ENTRY_SIZE;
                err = mana_ib_create_kernel_queue(mdev, buf_size, GDMA_CQ, &cq->queue);