RDMA/mana_ib: Fix integer overflow during queue creation
author Konstantin Taranov <kotaranov@microsoft.com>
Tue, 18 Mar 2025 15:45:44 +0000 (08:45 -0700)
committer Leon Romanovsky <leon@kernel.org>
Wed, 19 Mar 2025 08:38:58 +0000 (04:38 -0400)

Check queue size during CQ creation for users to prevent
overflow of u32.

Fixes: bec127e45d9f ("RDMA/mana_ib: create kernel-level CQs")
Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Link: https://patch.msgid.link/1742312744-14370-1-git-send-email-kotaranov@linux.microsoft.com
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
drivers/infiniband/hw/mana/cq.c

index 5c325ef4ac56a03e0da0acb631a80502bb2454f0..0fc4e26792180ba54704a37c37b37795530c9330 100644 (file)
@@ -39,7 +39,8 @@ int mana_ib_create_cq(struct ib_cq *ibcq, const struct ib_cq_init_attr *attr,
 
                is_rnic_cq = !!(ucmd.flags & MANA_IB_CREATE_RNIC_CQ);
 
-               if (!is_rnic_cq && attr->cqe > mdev->adapter_caps.max_qp_wr) {
+               if ((!is_rnic_cq && attr->cqe > mdev->adapter_caps.max_qp_wr) ||
+                   attr->cqe > U32_MAX / COMP_ENTRY_SIZE) {
                        ibdev_dbg(ibdev, "CQE %d exceeding limit\n", attr->cqe);
                        return -EINVAL;
                }
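
Review bot: the added bound `attr->cqe > U32_MAX / COMP_ENTRY_SIZE` is open-coded and sits apart from the multiplication it protects, which is not part of this hunk, so nothing ties the two together if the size computation changes later. Consider doing the check where the size is computed with check_mul_overflow() from <linux/overflow.h>, or at least add a one-line comment here saying the bound keeps attr->cqe * COMP_ENTRY_SIZE within a u32. If the byte size is rounded up after the multiplication, the bound has to cover the rounded value as well, which a plain division by COMP_ENTRY_SIZE does not guarantee. Two smaller points: the `ibdev_dbg` message "CQE %d exceeding limit" now reports two different limits without saying which one was hit, and the check lives in the branch that reads `ucmd.flags`, matching the commit message's "for users", so it is worth confirming that the kernel-level CQ path introduced by the commit in the Fixes tag bounds `attr->cqe` on its own.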