- uptllnd credit overflow fix.
Description:
Details :
+Severity : minor
+Bugzilla : 15984
+Description: uptllnd credit overflow fix
+Details : kptl_msg_t::ptlm_credits could be overflown by uptllnd since
+ it is only a __u8.
+
Severity : major
Bugzilla : 14634
Description: socklnd prtocol version 3
} kptl_msg_t;
+/* kptl_msg_t::ptlm_credits is only a __u8 */
+#define PTLLND_MSG_MAX_CREDITS ((typeof(((kptl_msg_t*) 0)->ptlm_credits)) -1)
+
#define PTLLND_MSG_MAGIC LNET_PROTO_PTL_MAGIC
#define PTLLND_MSG_VERSION 0x04
return -EINVAL;
}
- /* kptl_msg_t::ptlm_credits is only a __u8 */
- if (*kptllnd_tunables.kptl_peercredits > 255) {
- CERROR("kptl_peercredits must be <= 255\n");
+ if (*kptllnd_tunables.kptl_peercredits > PTLLND_MSG_MAX_CREDITS) {
+ CERROR("peercredits must be <= %d\n", PTLLND_MSG_MAX_CREDITS);
return -EINVAL;
}
PTLLND_MAX_ULND_MSG_SIZE);
if (rc != 0)
return rc;
+ if (plni->plni_peer_credits > PTLLND_MSG_MAX_CREDITS) {
+ CERROR("PTLLND_PEERCREDITS must be <= %d\n", PTLLND_MSG_MAX_CREDITS);
+ return -EINVAL;
+ }
rc = ptllnd_parse_int_tunable(&msgs_per_buffer,
"PTLLND_MSGS_PER_BUFFER", 64);
/*
* Return all the credits we have
*/
- tx->tx_msg.ptlm_credits = peer->plp_outstanding_credits;
- peer->plp_sent_credits += peer->plp_outstanding_credits;
- peer->plp_outstanding_credits = 0;
+ tx->tx_msg.ptlm_credits = MIN(PTLLND_MSG_MAX_CREDITS,
+ peer->plp_outstanding_credits);
+ peer->plp_sent_credits += tx->tx_msg.ptlm_credits;
+ peer->plp_outstanding_credits -= tx->tx_msg.ptlm_credits;
/*
* One less credit