Re: [PATCH rdma-next 2/2] RDMA/mlx5: Fix integer overflow of user QP buffer size
From: Jason Gunthorpe
Date: Mon Jun 15 2026 - 09:40:25 EST
On Sun, Jun 14, 2026 at 02:23:00PM +0300, Edward Srouji wrote:
>
>
> On 6/11/2026 10:17 PM, Jason Gunthorpe wrote:
> > On Thu, Jun 11, 2026 at 03:50:43PM +0300, Edward Srouji wrote:
> > > @@ -664,11 +666,36 @@ static int set_user_buf_size(struct mlx5_ib_dev *dev,
> > > if (attr->qp_type == IB_QPT_RAW_PACKET ||
> > > qp->flags & IB_QP_CREATE_SOURCE_QPN) {
> > > - base->ubuffer.buf_size = qp->rq.wqe_cnt << qp->rq.wqe_shift;
> > > - qp->raw_packet_qp.sq.ubuffer.buf_size = qp->sq.wqe_cnt << 6;
> > > + if (check_shl_overflow(qp->rq.wqe_cnt, qp->rq.wqe_shift,
> > > + &base->ubuffer.buf_size)) {
> > > + mlx5_ib_warn(dev, "rq buf size overflow: wqe_cnt %d wqe_shift %d\n",
> > > + qp->rq.wqe_cnt, qp->rq.wqe_shift);
> > > + return -EINVAL;
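Review bot: The mlx5_ib_warn() on the rq overflow path in the IB_QPT_RAW_PACKET / IB_QP_CREATE_SOURCE_QPN branch is reachable from the uapi, so a userspace caller that passes an oversized wqe_cnt/wqe_shift pair can emit a kernel log line on every attempt. Return -EINVAL without the print, or demote it to mlx5_ib_dbg(). Separately, check_shl_overflow() stores the result of the attempted shift in base->ubuffer.buf_size even when it reports overflow, so on this error path the field holds a value that is not safe to use. That is acceptable only if every caller of set_user_buf_size() abandons the QP on a non-zero return, which is worth confirming or stating in a comment.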
> >
> > No prints triggerable by uapi.
> >
> Right, will drop them.
> Note that set_user_buf_size() already has pre-existing mlx5_ib_warn()
> prints, which are equally uapi-triggerable.
> Should we clean that up in a separate patch? Should we drop such prints
> entirely? Or convert them to mlx5_ib_dbg()?
Yes, clean them up; up to you if you want dbg versions.
Jason