Commit 6e7fef68 authored Mar 03, 2025 by Dennis Dalessandro Committed by Liao Chen Mar 03, 2025

RDMA/hfi1: Fix potential integer multiplication overflow errors

stable inclusion
from stable-v4.19.247
commit 79c164e61f818054cd6012e9035701840d895c51
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP3JC
CVE: CVE-2022-49404

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=79c164e61f818054cd6012e9035701840d895c51

--------------------------------

commit f93e91a0 upstream.

When multiplying of different types, an overflow is possible even when
storing the result in a larger type. This is because the conversion is
done after the multiplication. So arithmetic overflow and thus in
incorrect value is possible.

Correct an instance of this in the inter packet delay calculation.  Fix by
ensuring one of the operands is u64 which will promote the other to u64 as
well ensuring no overflow.

Cc: stable@vger.kernel.org
Fixes: 77241056 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20220520183712.48973.29855.stgit@awfm-01.cornelisnetworks.com


Reviewed-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Liao Chen <liaochen4@huawei.com>

parent df354167

drivers/infiniband/hw/hfi1/init.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -535,7 +535,7 @@ void set_link_ipg(struct hfi1_pportdata *ppd)
		u16 shift, mult;
		u64 src;
		u32 current_egress_rate; /* Mbits /sec */
		u32 max_pkt_time;
		u64 max_pkt_time;
		/*
		* max_pkt_time is the maximum packet egress time in units
		* of the fabric clock period 1/(805 MHz).