aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDotan Barak <dotanb@mellanox.co.il>2006-03-19 10:20:36 -0500
committerRoland Dreier <rolandd@cisco.com>2006-03-24 18:47:27 -0500
commit0ef61db837c93d4377fabd37182bb6f83ea5ca70 (patch)
tree04e5d5db86c5b12e3879c8a7c8933a1b8300ceda
parentcf368713a3f3b2eb737a92d1b7186dedcc51167c (diff)
IB/mthca: Check that sgid_index and path_mtu are valid in modify_qp
Add a check that the modify QP parameters sgid_index and path_mtu are valid, since they might come from userspace. Signed-off-by: Dotan Barak <dotanb@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
-rw-r--r--drivers/infiniband/hw/mthca/mthca_qp.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/drivers/infiniband/hw/mthca/mthca_qp.c b/drivers/infiniband/hw/mthca/mthca_qp.c
index f673c461e30b..c4b74dbc16f2 100644
--- a/drivers/infiniband/hw/mthca/mthca_qp.c
+++ b/drivers/infiniband/hw/mthca/mthca_qp.c
@@ -483,13 +483,20 @@ out:
483 return err; 483 return err;
484} 484}
485 485
486static void mthca_path_set(struct ib_ah_attr *ah, struct mthca_qp_path *path) 486static int mthca_path_set(struct mthca_dev *dev, struct ib_ah_attr *ah,
487 struct mthca_qp_path *path)
487{ 488{
488 path->g_mylmc = ah->src_path_bits & 0x7f; 489 path->g_mylmc = ah->src_path_bits & 0x7f;
489 path->rlid = cpu_to_be16(ah->dlid); 490 path->rlid = cpu_to_be16(ah->dlid);
490 path->static_rate = !!ah->static_rate; 491 path->static_rate = !!ah->static_rate;
491 492
492 if (ah->ah_flags & IB_AH_GRH) { 493 if (ah->ah_flags & IB_AH_GRH) {
494 if (ah->grh.sgid_index >= dev->limits.gid_table_len) {
495 mthca_dbg(dev, "sgid_index (%u) too large. max is %d\n",
496 ah->grh.sgid_index, dev->limits.gid_table_len-1);
497 return -1;
498 }
499
493 path->g_mylmc |= 1 << 7; 500 path->g_mylmc |= 1 << 7;
494 path->mgid_index = ah->grh.sgid_index; 501 path->mgid_index = ah->grh.sgid_index;
495 path->hop_limit = ah->grh.hop_limit; 502 path->hop_limit = ah->grh.hop_limit;
@@ -500,6 +507,8 @@ static void mthca_path_set(struct ib_ah_attr *ah, struct mthca_qp_path *path)
500 memcpy(path->rgid, ah->grh.dgid.raw, 16); 507 memcpy(path->rgid, ah->grh.dgid.raw, 16);
501 } else 508 } else
502 path->sl_tclass_flowlabel = cpu_to_be32(ah->sl << 28); 509 path->sl_tclass_flowlabel = cpu_to_be32(ah->sl << 28);
510
511 return 0;
503} 512}
504 513
505int mthca_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask) 514int mthca_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask)
@@ -592,8 +601,14 @@ int mthca_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask)
592 601
593 if (qp->transport == MLX || qp->transport == UD) 602 if (qp->transport == MLX || qp->transport == UD)
594 qp_context->mtu_msgmax = (IB_MTU_2048 << 5) | 11; 603 qp_context->mtu_msgmax = (IB_MTU_2048 << 5) | 11;
595 else if (attr_mask & IB_QP_PATH_MTU) 604 else if (attr_mask & IB_QP_PATH_MTU) {
605 if (attr->path_mtu < IB_MTU_256 || attr->path_mtu > IB_MTU_2048) {
606 mthca_dbg(dev, "path MTU (%u) is invalid\n",
607 attr->path_mtu);
608 return -EINVAL;
609 }
596 qp_context->mtu_msgmax = (attr->path_mtu << 5) | 31; 610 qp_context->mtu_msgmax = (attr->path_mtu << 5) | 31;
611 }
597 612
598 if (mthca_is_memfree(dev)) { 613 if (mthca_is_memfree(dev)) {
599 if (qp->rq.max) 614 if (qp->rq.max)
@@ -642,7 +657,9 @@ int mthca_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask)
642 } 657 }
643 658
644 if (attr_mask & IB_QP_AV) { 659 if (attr_mask & IB_QP_AV) {
645 mthca_path_set(&attr->ah_attr, &qp_context->pri_path); 660 if (mthca_path_set(dev, &attr->ah_attr, &qp_context->pri_path))
661 return -EINVAL;
662
646 qp_param->opt_param_mask |= cpu_to_be32(MTHCA_QP_OPTPAR_PRIMARY_ADDR_PATH); 663 qp_param->opt_param_mask |= cpu_to_be32(MTHCA_QP_OPTPAR_PRIMARY_ADDR_PATH);
647 } 664 }
648 665
@@ -664,7 +681,9 @@ int mthca_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask)
664 return -EINVAL; 681 return -EINVAL;
665 } 682 }
666 683
667 mthca_path_set(&attr->alt_ah_attr, &qp_context->alt_path); 684 if (mthca_path_set(dev, &attr->alt_ah_attr, &qp_context->alt_path))
685 return -EINVAL;
686
668 qp_context->alt_path.port_pkey |= cpu_to_be32(attr->alt_pkey_index | 687 qp_context->alt_path.port_pkey |= cpu_to_be32(attr->alt_pkey_index |
669 attr->alt_port_num << 24); 688 attr->alt_port_num << 24);
670 qp_context->alt_path.ackto = attr->alt_timeout << 3; 689 qp_context->alt_path.ackto = attr->alt_timeout << 3;