Some SRP targets that do not support specification SRP-2, put
the garbage to the reserved bits of the SRP login response.
The problem was not detected for a long time because the SRP
initiator ignored those bits. But now one of them is used as
SRP_LOGIN_RSP_IMMED_SUPP. And it causes a critical error on
the target when the initiator sends immediate data.
The ib_srp module has a use_imm_date parameter to enable or
disable immediate data manually. But it does not help in the above
case, because use_imm_date is ignored at handling the SRP login
response. The problem is definitely caused by a bug on the target
side, but the initiator's behavior also does not look correct.
The initiator should not use immediate data if use_imm_date is
disabled by a user.
This commit adds an additional checking of use_imm_date at
the handling of SRP login response to avoid unexpected use of
immediate data.
Fixes: commit 882981f4a411 ("RDMA/srp: Add support for immediate data")
Signed-off-by: Sergey Gorenko <sergeygo@xxxxxxxxxxxx>
---
drivers/infiniband/ulp/srp/ib_srp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index b7f7a5f7bd98..cd1181c39ed2 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -2546,7 +2546,8 @@ static void srp_cm_rep_handler(struct ib_cm_id *cm_id,
if (lrsp->opcode == SRP_LOGIN_RSP) {
ch->max_ti_iu_len = be32_to_cpu(lrsp->max_ti_iu_len);
ch->req_lim = be32_to_cpu(lrsp->req_lim_delta);
- ch->use_imm_data = lrsp->rsp_flags & SRP_LOGIN_RSP_IMMED_SUPP;
+ ch->use_imm_data = srp_use_imm_data &&
+ (lrsp->rsp_flags & SRP_LOGIN_RSP_IMMED_SUPP);
ch->max_it_iu_len = srp_max_it_iu_len(target->cmd_sg_cnt,
ch->use_imm_data,
target->max_it_iu_size);
--
2.21.0
