From e5decb2eb5f4d1f64ba9196b4bad0e26a441c81c Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Thu, 12 Nov 2020 14:47:14 -0500 Subject: svcrdma: Catch another Reply chunk overflow case When space in the Reply chunk runs out in the middle of a segment, we end up passing a zero-length SGL to rdma_rw_ctx_init(), and it oopses. Signed-off-by: Chuck Lever --- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/sunrpc/xprtrdma/svc_rdma_rw.c') diff --git a/net/sunrpc/xprtrdma/svc_rdma_rw.c b/net/sunrpc/xprtrdma/svc_rdma_rw.c index 80a0c0e87590..7c50eddb8d3c 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_rw.c +++ b/net/sunrpc/xprtrdma/svc_rdma_rw.c @@ -460,6 +460,8 @@ svc_rdma_build_writes(struct svc_rdma_write_info *info, offset += info->wi_seg_off; write_len = min(remaining, length - info->wi_seg_off); + if (!write_len) + goto out_overflow; ctxt = svc_rdma_get_rw_ctxt(rdma, (write_len >> PAGE_SHIFT) + 2); if (!ctxt) -- cgit v1.2.3