projects / linux-2.6-block.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
RDMA/amso1100: Check for integer overflow in c2_alloc_cq_buf()
[linux-2.6-block.git] / drivers / infiniband / hw / amso1100 / c2_cq.c
diff --git a/drivers/infiniband/hw/amso1100/c2_cq.c b/drivers/infiniband/hw/amso1100/c2_cq.c
index 49e0e8533f748d8dc3bc8ccec234a22b0bfc242c..1b63185b4ad4fa977bc4f211fe159cd32c83aabb 100644 (file)
--- a/drivers/infiniband/hw/amso1100/c2_cq.c
+++ b/drivers/infiniband/hw/amso1100/c2_cq.c
@@ -260,11 +260,14 @@ static void c2_free_cq_buf(struct c2_dev *c2dev, struct c2_mq *mq)
                          mq->msg_pool.host, dma_unmap_addr(mq, mapping));
 }
 
-static int c2_alloc_cq_buf(struct c2_dev *c2dev, struct c2_mq *mq, int q_size,
-                          int msg_size)
+static int c2_alloc_cq_buf(struct c2_dev *c2dev, struct c2_mq *mq,
+                          size_t q_size, size_t msg_size)
 {
        u8 *pool_start;
 
+       if (q_size > SIZE_MAX / msg_size)
+               return -EINVAL;
+
        pool_start = dma_alloc_coherent(&c2dev->pcidev->dev, q_size * msg_size,
                                        &mq->host_dma, GFP_KERNEL);
        if (!pool_start)
Linux 6.x block layer and io_uring tree(s)