RDMA/cxgb4: Fix underflows in c4iw_create_qp()

These sizes should be unsigned so we don't allow negative values and
have underflow bugs.  These can come from the user so there may be
security implications, but I have not tested this.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>

diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c
index 582936708e6e492dfca46b88b5db98f16159c0db..72ea152c5f4069a1b6c90079149e75812eac1484 100644 (file)
--- a/drivers/infiniband/hw/cxgb4/qp.c
+++ b/drivers/infiniband/hw/cxgb4/qp.c
@@ -1533,7 +1533,7 @@ struct ib_qp *c4iw_create_qp(struct ib_pd *pd, struct ib_qp_init_attr *attrs,
        struct c4iw_cq *schp;
        struct c4iw_cq *rchp;
        struct c4iw_create_qp_resp uresp;
-       int sqsize, rqsize;
+       unsigned int sqsize, rqsize;
        struct c4iw_ucontext *ucontext;
        int ret;
        struct c4iw_mm_entry *mm1, *mm2, *mm3, *mm4, *mm5 = NULL;