RDMA/i40iw: Fix overflow of region length

Change region_length to u64 as a region can be > 4GB.

Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>

diff --git a/drivers/infiniband/hw/i40iw/i40iw_user.h b/drivers/infiniband/hw/i40iw/i40iw_user.h
index 5cd971bb8cc7d5483e602de158b1754b50eb74b6..eac95240fbdcf353e1f27c47340aba05f8547c75 100644 (file)
--- a/drivers/infiniband/hw/i40iw/i40iw_user.h
+++ b/drivers/infiniband/hw/i40iw/i40iw_user.h
@@ -102,6 +102,8 @@ enum i40iw_device_capabilities_const {
 
 #define I40IW_STAG_INDEX_FROM_STAG(stag)    (((stag) && 0xFFFFFF00) >> 8)
 
+#define        I40IW_MAX_MR_SIZE       0x10000000000L
+
 struct i40iw_qp_uk;
 struct i40iw_cq_uk;
 struct i40iw_srq_uk;

diff --git a/drivers/infiniband/hw/i40iw/i40iw_verbs.c b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
index 1fe3b84a06e433a9b434f77cbab8f4b05870d08c..d7c4dd15f1c08ffc9977da50150bd0ca6262481f 100644 (file)
--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -1526,14 +1526,16 @@ static struct ib_mr *i40iw_reg_user_mr(struct ib_pd *pd,
        struct i40iw_mr *iwmr;
        struct ib_umem *region;
        struct i40iw_mem_reg_req req;
-       u32 pbl_depth = 0;
+       u64 pbl_depth = 0;
        u32 stag = 0;
        u16 access;
-       u32 region_length;
+       u64 region_length;
        bool use_pbles = false;
        unsigned long flags;
        int err = -ENOSYS;
 
+       if (length > I40IW_MAX_MR_SIZE)
+               return ERR_PTR(-EINVAL);
        region = ib_umem_get(pd->uobject->context, start, length, acc, 0);
        if (IS_ERR(region))
                return (struct ib_mr *)region;
@@ -1564,7 +1566,7 @@ static struct ib_mr *i40iw_reg_user_mr(struct ib_pd *pd,
        palloc = &iwpbl->pble_alloc;
 
        iwmr->type = req.reg_type;
-       iwmr->page_cnt = pbl_depth;
+       iwmr->page_cnt = (u32)pbl_depth;
 
        switch (req.reg_type) {
        case IW_MEMREG_TYPE_QP: