diff options
author | Faisal Latif <faisal.latif@intel.com> | 2009-12-09 18:53:54 -0500 |
---|---|---|
committer | Roland Dreier <rolandd@cisco.com> | 2009-12-09 18:53:54 -0500 |
commit | 1cf078c9951b531bc222a5195306a3a927c24fc9 (patch) | |
tree | 7a18a93dcf6c2a143cc5aa8a1dbdffe91a43ed06 /drivers/infiniband/hw | |
parent | 8ac7f6e1af5309d4fdf6805fb64ef48c1c820d85 (diff) |
RDMA/nes: MPA request/response error checking
During Xansation testing, we saw that error handling of MPA frame
msg/response is not handled properly.
Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'drivers/infiniband/hw')
-rw-r--r-- | drivers/infiniband/hw/nes/nes_cm.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c index dbe545505331..ae0946342a9c 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c | |||
@@ -251,6 +251,33 @@ static int parse_mpa(struct nes_cm_node *cm_node, u8 *buffer, u32 *type, | |||
251 | 251 | ||
252 | mpa_frame = (struct ietf_mpa_frame *)buffer; | 252 | mpa_frame = (struct ietf_mpa_frame *)buffer; |
253 | cm_node->mpa_frame_size = ntohs(mpa_frame->priv_data_len); | 253 | cm_node->mpa_frame_size = ntohs(mpa_frame->priv_data_len); |
254 | /* make sure mpa private data len is less than 512 bytes */ | ||
255 | if (cm_node->mpa_frame_size > IETF_MAX_PRIV_DATA_LEN) { | ||
256 | nes_debug(NES_DBG_CM, "The received Length of Private" | ||
257 | " Data field exceeds 512 octets\n"); | ||
258 | return -EINVAL; | ||
259 | } | ||
260 | /* | ||
261 | * make sure MPA receiver interoperate with the | ||
262 | * received MPA version and MPA key information | ||
263 | * | ||
264 | */ | ||
265 | if (mpa_frame->rev != mpa_version) { | ||
266 | nes_debug(NES_DBG_CM, "The received mpa version" | ||
267 | " can not be interoperated\n"); | ||
268 | return -EINVAL; | ||
269 | } | ||
270 | if (cm_node->state != NES_CM_STATE_MPAREQ_SENT) { | ||
271 | if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE)) { | ||
272 | nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n"); | ||
273 | return -EINVAL; | ||
274 | } | ||
275 | } else { | ||
276 | if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE)) { | ||
277 | nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n"); | ||
278 | return -EINVAL; | ||
279 | } | ||
280 | } | ||
254 | 281 | ||
255 | if (cm_node->mpa_frame_size + sizeof(struct ietf_mpa_frame) != len) { | 282 | if (cm_node->mpa_frame_size + sizeof(struct ietf_mpa_frame) != len) { |
256 | nes_debug(NES_DBG_CM, "The received ietf buffer was not right" | 283 | nes_debug(NES_DBG_CM, "The received ietf buffer was not right" |
@@ -1974,7 +2001,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, | |||
1974 | if (!cm_node) | 2001 | if (!cm_node) |
1975 | return NULL; | 2002 | return NULL; |
1976 | mpa_frame = &cm_node->mpa_frame; | 2003 | mpa_frame = &cm_node->mpa_frame; |
1977 | strcpy(mpa_frame->key, IEFT_MPA_KEY_REQ); | 2004 | memcpy(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE); |
1978 | mpa_frame->flags = IETF_MPA_FLAGS_CRC; | 2005 | mpa_frame->flags = IETF_MPA_FLAGS_CRC; |
1979 | mpa_frame->rev = IETF_MPA_VERSION; | 2006 | mpa_frame->rev = IETF_MPA_VERSION; |
1980 | mpa_frame->priv_data_len = htons(private_data_len); | 2007 | mpa_frame->priv_data_len = htons(private_data_len); |
@@ -2929,7 +2956,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) | |||
2929 | if (cm_node->mpa_frame_size > MAX_CM_BUFFER) | 2956 | if (cm_node->mpa_frame_size > MAX_CM_BUFFER) |
2930 | return -EINVAL; | 2957 | return -EINVAL; |
2931 | 2958 | ||
2932 | strcpy(&cm_node->mpa_frame.key[0], IEFT_MPA_KEY_REP); | 2959 | memcpy(&cm_node->mpa_frame.key[0], IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE); |
2933 | if (loopback) { | 2960 | if (loopback) { |
2934 | memcpy(&loopback->mpa_frame.priv_data, pdata, pdata_len); | 2961 | memcpy(&loopback->mpa_frame.priv_data, pdata, pdata_len); |
2935 | loopback->mpa_frame.priv_data_len = pdata_len; | 2962 | loopback->mpa_frame.priv_data_len = pdata_len; |