On Thu, Jun 11, 2026 at 02:17:45PM +0300, Leon Romanovsky wrote: > On Mon, May 25, 2026 at 12:01:01PM -0700, Erni Sri Satya Vennela wrote: > > mana_ib stores its adapter capabilities internally as u32 in > > struct mana_ib_adapter_caps. The IB core, however, exposes the > > corresponding device attributes through struct ib_device_attr, where > > fields such as max_qp, max_qp_wr, max_send_sge, max_recv_sge, > > max_sge_rd, max_cq, max_cqe, max_mr, max_pd, max_qp_rd_atom, > > max_res_rd_atom and max_qp_init_rd_atom are signed int. > > > > mana_ib_query_device() is the only place that copies the cached u32 > > caps into these int fields. If a cap exceeds INT_MAX, the implicit > > u32-to-int narrowing yields a negative value. Clamp each cap to > > INT_MAX at this boundary so the values handed to the IB core are always > > non-negative. > > > > While here, fix a related overflow in the computation of > > max_res_rd_atom. It is derived as max_qp_rd_atom * max_qp, both of > > which are int after the assignment above; the multiplication can > > overflow an int even with the new clamps in place. Widen to s64 > > before multiplying and clamp the result to INT_MAX. > > > > Signed-off-by: Erni Sri Satya Vennela <[email protected]> > > --- > > Changes in v3: > > * Drop clamping from mana_ib_gd_query_adapter_caps(). The internal u32 > > caps cache does not need to be clamped. > > * Move all clamping exclusively to mana_ib_query_device(), which is the > > only place the cached u32 values are narrowed into the signed int > > fields of struct ib_device_attr. > > * Reframe commit message: this is a u32-to-int type boundary fix, not a > > CVM/untrusted-hardware hardening patch. > > You should align all types to u32 and avoid hiding the issue behind > min_t(). > > Thanks Yes Leon, I'm currently at v7 version of this patch. I'm planning to completely avoid using min_t in the next version.
- Vennela
