On Mon, May 25, 2026 at 12:01:01PM -0700, Erni Sri Satya Vennela wrote:
> mana_ib stores its adapter capabilities internally as u32 in
> struct mana_ib_adapter_caps. The IB core, however, exposes the
> corresponding device attributes through struct ib_device_attr, where
> fields such as max_qp, max_qp_wr, max_send_sge, max_recv_sge,
> max_sge_rd, max_cq, max_cqe, max_mr, max_pd, max_qp_rd_atom,
> max_res_rd_atom and max_qp_init_rd_atom are signed int.
>
> mana_ib_query_device() is the only place that copies the cached u32
> caps into these int fields. If a cap exceeds INT_MAX, the implicit
> u32-to-int narrowing yields a negative value. Clamp each cap to
> INT_MAX at this boundary so the values handed to the IB core are always
> non-negative.
>
> While here, fix a related overflow in the computation of
> max_res_rd_atom. It is derived as max_qp_rd_atom * max_qp, both of
> which are int after the assignment above; the multiplication can
> overflow an int even with the new clamps in place. Widen to s64
> before multiplying and clamp the result to INT_MAX.
>
> Signed-off-by: Erni Sri Satya Vennela <[email protected]>
> ---
> Changes in v3:
> * Drop clamping from mana_ib_gd_query_adapter_caps(). The internal u32
>   caps cache does not need to be clamped.
> * Move all clamping exclusively to mana_ib_query_device(), which is the
>   only place the cached u32 values are narrowed into the signed int
>   fields of struct ib_device_attr.
> * Reframe commit message: this is a u32-to-int type boundary fix, not a
>   CVM/untrusted-hardware hardening patch.

You should align all types to u32 and avoid hiding the issue behind min_t().

Thanks
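
The narrowing and the widened multiply described in the quoted commit message, as an added user-space example that is not part of this thread or of the mana_ib patch. The struct and function names are hypothetical stand-ins, the sample values are constructed, and the negative result of the cast assumes the usual gcc/clang two's-complement conversion.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: a u32 caps cache and signed int attributes. */
struct caps_u32 { uint32_t max_qp, max_qp_rd_atom; };
struct attr_int { int max_qp, max_qp_rd_atom, max_res_rd_atom; };

/* Plain narrowing, as at an unguarded u32-to-int assignment. */
static struct attr_int fill_narrowing(struct caps_u32 c)
{
    struct attr_int a;

    a.max_qp = (int)c.max_qp;                 /* > INT_MAX turns negative */
    a.max_qp_rd_atom = (int)c.max_qp_rd_atom;
    /* 32-bit product, done in unsigned so this demo shows the wrap
     * without relying on undefined signed overflow. */
    a.max_res_rd_atom = (int)((uint32_t)a.max_qp_rd_atom * (uint32_t)a.max_qp);
    return a;
}

static int clamp_to_int(int64_t v)
{
    return v > INT_MAX ? INT_MAX : (int)v;
}

/* Clamp each cap at the boundary; widen to 64 bits before multiplying. */
static struct attr_int fill_clamped(struct caps_u32 c)
{
    struct attr_int a;

    a.max_qp = clamp_to_int(c.max_qp);
    a.max_qp_rd_atom = clamp_to_int(c.max_qp_rd_atom);
    a.max_res_rd_atom = clamp_to_int((int64_t)a.max_qp_rd_atom * a.max_qp);
    return a;
}

int main(void)
{
    /* Constructed sample values, not real adapter capabilities. */
    struct caps_u32 big = { 0x80000000u, 16 };  /* one cap above INT_MAX */
    struct caps_u32 prod = { 65536, 65536 };    /* both fit, product does not */

    printf("narrowed max_qp=%d clamped max_qp=%d\n",
           fill_narrowing(big).max_qp, fill_clamped(big).max_qp);
    printf("narrowed product=%d clamped product=%d\n",
           fill_narrowing(prod).max_res_rd_atom,
           fill_clamped(prod).max_res_rd_atom);
    return 0;
}
```

The second sample is the case the commit message calls out: both inputs are valid non-negative int values, yet their 32-bit product wraps, so clamping the inputs alone does not protect max_res_rd_atom.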

