Re: [PATCH rdma-next 2/2] RDMA/mlx5: Fix integer overflow of user QP buffer size

From: Edward Srouji

Date: Sun Jun 14 2026 - 07:23:22 EST




On 6/11/2026 10:17 PM, Jason Gunthorpe wrote:
On Thu, Jun 11, 2026 at 03:50:43PM +0300, Edward Srouji wrote:
@@ -664,11 +666,36 @@ static int set_user_buf_size(struct mlx5_ib_dev *dev,
if (attr->qp_type == IB_QPT_RAW_PACKET ||
qp->flags & IB_QP_CREATE_SOURCE_QPN) {
- base->ubuffer.buf_size = qp->rq.wqe_cnt << qp->rq.wqe_shift;
- qp->raw_packet_qp.sq.ubuffer.buf_size = qp->sq.wqe_cnt << 6;
+ if (check_shl_overflow(qp->rq.wqe_cnt, qp->rq.wqe_shift,
+ &base->ubuffer.buf_size)) {
+ mlx5_ib_warn(dev, "rq buf size overflow: wqe_cnt %d wqe_shift %d\n",
+ qp->rq.wqe_cnt, qp->rq.wqe_shift);
+ return -EINVAL;
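Review bot: In the new `check_shl_overflow(qp->rq.wqe_cnt, qp->rq.wqe_shift, &base->ubuffer.buf_size)` call, overflow is judged against the type of the destination field, and this hunk does not show that type. If `buf_size` is wider than the type later used for the mapped length, a value that passes here can still be truncated downstream. Stating the field type in the commit message, or checking against the narrowest consumer, would close that gap. The removed `qp->sq.wqe_cnt << 6` line needs the same treatment; its replacement is not in the quoted lines. The `%d` specifiers in the warn format should also be checked against the signedness of `wqe_cnt` and `wqe_shift` if any print is kept.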

No prints triggerable by uapi.

Right, will drop them.
Note that set_user_buf_size() already has pre-existing mlx5_ib_warn() prints, which are equally uapi-triggerable.
Should we clean that up in a separate patch? Should we drop such prints entirely, or convert them to mlx5_ib_dbg()?

Jason