[PATCH 4.9 32/66] IB/srp: fix invalid indirect_sg_entries parameter value

From: Greg Kroah-Hartman
Date: Tue Jan 31 2017 - 00:43:42 EST

4.9-stable review patch. If anyone has any objections, please let me know.


From: Israel Rukshin <israelr@xxxxxxxxxxxx>

commit 0a475ef4226e305bdcffe12b401ca1eab06c4913 upstream.

After setting indirect_sg_entries module_param to huge value (e.g 500,000),
srp_alloc_req_data() fails to allocate indirect descriptors for the request
ring (kmalloc fails). This commit enforces the maximum value of
indirect_sg_entries to be SG_MAX_SEGMENTS as signified in module param

Fixes: 65e8617fba17 (scsi: rename SCSI_MAX_{SG, SG_CHAIN}_SEGMENTS)
Fixes: c07d424d6118 (IB/srp: add support for indirect tables that don't fit in SRP_CMD)
Signed-off-by: Israel Rukshin <israelr@xxxxxxxxxxxx>
Signed-off-by: Max Gurtovoy <maxg@xxxxxxxxxxxx>
Reviewed-by: Laurence Oberman <loberman@xxxxxxxxxx>
Reviewed-by: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>--
Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/infiniband/ulp/srp/ib_srp.c | 6 ++++++
1 file changed, 6 insertions(+)

--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -3683,6 +3683,12 @@ static int __init srp_init_module(void)
indirect_sg_entries = cmd_sg_entries;

+ if (indirect_sg_entries > SG_MAX_SEGMENTS) {
+ pr_warn("Clamping indirect_sg_entries to %u\n",
+ indirect_sg_entries = SG_MAX_SEGMENTS;
+ }
srp_remove_wq = create_workqueue("srp_remove");
if (!srp_remove_wq) {
ret = -ENOMEM;