aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/infiniband
diff options
context:
space:
mode:
authorFaisal Latif <faisal.latif@intel.com>2009-12-09 18:53:54 -0500
committerRoland Dreier <rolandd@cisco.com>2009-12-09 18:53:54 -0500
commit1cf078c9951b531bc222a5195306a3a927c24fc9 (patch)
tree7a18a93dcf6c2a143cc5aa8a1dbdffe91a43ed06 /drivers/infiniband
parent8ac7f6e1af5309d4fdf6805fb64ef48c1c820d85 (diff)
RDMA/nes: MPA request/response error checking
During Xansation testing, we saw that error handling of MPA frame msg/response is not handled properly. Signed-off-by: Faisal Latif <faisal.latif@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'drivers/infiniband')
-rw-r--r--drivers/infiniband/hw/nes/nes_cm.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
index dbe545505331..ae0946342a9c 100644
--- a/drivers/infiniband/hw/nes/nes_cm.c
+++ b/drivers/infiniband/hw/nes/nes_cm.c
@@ -251,6 +251,33 @@ static int parse_mpa(struct nes_cm_node *cm_node, u8 *buffer, u32 *type,
251 251
252 mpa_frame = (struct ietf_mpa_frame *)buffer; 252 mpa_frame = (struct ietf_mpa_frame *)buffer;
253 cm_node->mpa_frame_size = ntohs(mpa_frame->priv_data_len); 253 cm_node->mpa_frame_size = ntohs(mpa_frame->priv_data_len);
254 /* make sure mpa private data len is less than 512 bytes */
255 if (cm_node->mpa_frame_size > IETF_MAX_PRIV_DATA_LEN) {
256 nes_debug(NES_DBG_CM, "The received Length of Private"
257 " Data field exceeds 512 octets\n");
258 return -EINVAL;
259 }
260 /*
261 * make sure MPA receiver interoperate with the
262 * received MPA version and MPA key information
263 *
264 */
265 if (mpa_frame->rev != mpa_version) {
266 nes_debug(NES_DBG_CM, "The received mpa version"
267 " can not be interoperated\n");
268 return -EINVAL;
269 }
270 if (cm_node->state != NES_CM_STATE_MPAREQ_SENT) {
271 if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE)) {
272 nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n");
273 return -EINVAL;
274 }
275 } else {
276 if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE)) {
277 nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n");
278 return -EINVAL;
279 }
280 }
254 281
255 if (cm_node->mpa_frame_size + sizeof(struct ietf_mpa_frame) != len) { 282 if (cm_node->mpa_frame_size + sizeof(struct ietf_mpa_frame) != len) {
256 nes_debug(NES_DBG_CM, "The received ietf buffer was not right" 283 nes_debug(NES_DBG_CM, "The received ietf buffer was not right"
@@ -1974,7 +2001,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core,
1974 if (!cm_node) 2001 if (!cm_node)
1975 return NULL; 2002 return NULL;
1976 mpa_frame = &cm_node->mpa_frame; 2003 mpa_frame = &cm_node->mpa_frame;
1977 strcpy(mpa_frame->key, IEFT_MPA_KEY_REQ); 2004 memcpy(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE);
1978 mpa_frame->flags = IETF_MPA_FLAGS_CRC; 2005 mpa_frame->flags = IETF_MPA_FLAGS_CRC;
1979 mpa_frame->rev = IETF_MPA_VERSION; 2006 mpa_frame->rev = IETF_MPA_VERSION;
1980 mpa_frame->priv_data_len = htons(private_data_len); 2007 mpa_frame->priv_data_len = htons(private_data_len);
@@ -2929,7 +2956,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
2929 if (cm_node->mpa_frame_size > MAX_CM_BUFFER) 2956 if (cm_node->mpa_frame_size > MAX_CM_BUFFER)
2930 return -EINVAL; 2957 return -EINVAL;
2931 2958
2932 strcpy(&cm_node->mpa_frame.key[0], IEFT_MPA_KEY_REP); 2959 memcpy(&cm_node->mpa_frame.key[0], IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE);
2933 if (loopback) { 2960 if (loopback) {
2934 memcpy(&loopback->mpa_frame.priv_data, pdata, pdata_len); 2961 memcpy(&loopback->mpa_frame.priv_data, pdata, pdata_len);
2935 loopback->mpa_frame.priv_data_len = pdata_len; 2962 loopback->mpa_frame.priv_data_len = pdata_len;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-28 07:28:12 -0500