IB/mthca: Avoid integer overflow when dealing with profile size

mthca_make_profile() returns the size in bytes of the HCA context
layout it creates, or a negative value if an error occurs.  However,
the return value is declared as u64 and the memfree initialization
path casts this value to int to test if it is negative.  This makes it
think incorrectly than an error has occurred if the context size
happens to be bigger than 2GB, since this turns into a negative int.

Fix this by having mthca_make_profile() return an s64 and testing
for an error by checking whether this 64-bit value itself is negative.

Signed-off-by: Roland Dreier <rolandd@cisco.com>

diff --git a/drivers/infiniband/hw/mthca/mthca_main.c b/drivers/infiniband/hw/mthca/mthca_main.c
index 3889ae859f51096142d789e37336142a11fccd78..9ebadd6e0cfba4046e4dc7309aeaf4033cc0e18f 100644 (file)
--- a/drivers/infiniband/hw/mthca/mthca_main.c
+++ b/drivers/infiniband/hw/mthca/mthca_main.c
@@ -276,6 +276,7 @@ static int mthca_dev_lim(struct mthca_dev *mdev, struct mthca_dev_lim *dev_lim)
 
 static int mthca_init_tavor(struct mthca_dev *mdev)
 {
+       s64 size;
        u8 status;
        int err;
        struct mthca_dev_lim        dev_lim;
@@ -328,9 +329,11 @@ static int mthca_init_tavor(struct mthca_dev *mdev)
        if (mdev->mthca_flags & MTHCA_FLAG_SRQ)
                profile.num_srq = dev_lim.max_srqs;
 
-       err = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca);
-       if (err < 0)
+       size = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca);
+       if (size < 0) {
+               err = size;
                goto err_disable;
+       }
 
        err = mthca_INIT_HCA(mdev, &init_hca, &status);
        if (err) {
@@ -609,7 +612,7 @@ static int mthca_init_arbel(struct mthca_dev *mdev)
        struct mthca_dev_lim        dev_lim;
        struct mthca_profile        profile;
        struct mthca_init_hca_param init_hca;
-       u64 icm_size;
+       s64 icm_size;
        u8 status;
        int err;
 
@@ -657,7 +660,7 @@ static int mthca_init_arbel(struct mthca_dev *mdev)
                profile.num_srq = dev_lim.max_srqs;
 
        icm_size = mthca_make_profile(mdev, &profile, &dev_lim, &init_hca);
-       if ((int) icm_size < 0) {
+       if (icm_size < 0) {
                err = icm_size;
                goto err_stop_fw;
        }

diff --git a/drivers/infiniband/hw/mthca/mthca_profile.c b/drivers/infiniband/hw/mthca/mthca_profile.c
index 26bf86d1cfcd693cf29cdc19bd9704ec916b65de..605a8d57fac6764c97a7029b887e7517dbdadb9f 100644 (file)
--- a/drivers/infiniband/hw/mthca/mthca_profile.c
+++ b/drivers/infiniband/hw/mthca/mthca_profile.c
@@ -63,7 +63,7 @@ enum {
        MTHCA_NUM_PDS = 1 << 15
 };
 
-u64 mthca_make_profile(struct mthca_dev *dev,
+s64 mthca_make_profile(struct mthca_dev *dev,
                       struct mthca_profile *request,
                       struct mthca_dev_lim *dev_lim,
                       struct mthca_init_hca_param *init_hca)
@@ -77,7 +77,7 @@ u64 mthca_make_profile(struct mthca_dev *dev,
        };
 
        u64 mem_base, mem_avail;
-       u64 total_size = 0;
+       s64 total_size = 0;
        struct mthca_resource *profile;
        struct mthca_resource tmp;
        int i, j;

diff --git a/drivers/infiniband/hw/mthca/mthca_profile.h b/drivers/infiniband/hw/mthca/mthca_profile.h
index 94641808f97f5cff4ef7cf93dd323d1ab4a5f584..e76cb62d8e326990b6a05c529dad05d6e225d485 100644 (file)
--- a/drivers/infiniband/hw/mthca/mthca_profile.h
+++ b/drivers/infiniband/hw/mthca/mthca_profile.h
@@ -53,7 +53,7 @@ struct mthca_profile {
        int fmr_reserved_mtts;
 };
 
-u64 mthca_make_profile(struct mthca_dev *mdev,
+s64 mthca_make_profile(struct mthca_dev *mdev,
                       struct mthca_profile *request,
                       struct mthca_dev_lim *dev_lim,
                       struct mthca_init_hca_param *init_hca);