Date: Thu, 1 Aug 2019 17:04:23 +0530
From: Krishnamraju Eraparaju
To: Doug Ledford
Cc: jgg@ziepe.ca, bmt@zurich.ibm.com, linux-rdma@vger.kernel.org, bharat@chelsio.com, nirranjan@chelsio.com
Subject: Re: [PATCH for-rc] siw: MPA Reply handler tries to read beyond MPA message
Message-ID: <20190801113421.GA3145@chelsio.com>
References: <20190731103310.23199-1-krishna2@chelsio.com>

On Wednesday, July 07/31/19, 2019 at 15:17:40 -0400, Doug Ledford wrote:
> On Wed, 2019-07-31 at 16:03 +0530, Krishnamraju Eraparaju wrote:
> > while processing MPA Reply, SIW driver is trying to read extra 4 bytes
> > than what peer has advertised as private data length.
> >
> > If a FPDU data is received before even siw_recv_mpa_rr() completed
> > reading MPA reply, then ksock_recv() in siw_recv_mpa_rr() could also
> > read FPDU, if "size" is larger than advertised MPA reply length.
> >
> > 501 static int siw_recv_mpa_rr(struct siw_cep *cep)
> > 502 {
> >           .............
> > 572
> > 573         if (rcvd > to_rcv)
> > 574                 return -EPROTO;   <----- Failure here
> >
> > Looks like the intention here is to throw an ERROR if the received data
> > is more than the total private data length advertised by the peer. But
> > reading beyond MPA message causes siw_cm to generate
> > RDMA_CM_EVENT_CONNECT_ERROR event when TCP socket recv buffer is already
> > queued with FPDU messages.
> >
> > Hence, this function should only read up to private data length.
> >
> > Signed-off-by: Krishnamraju Eraparaju
>
> Once you apply this patch, the if (rcvd > to_rcv) test you listed above
> in the commit message becomes dead code. So I removed it while applying
> the patch. Thanks.
>
Thanks Doug.
> --
> Doug Ledford
> GPG KeyID: B826A3330E572FDD
> Fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
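
The over-read described in the commit message above, as an added user-space example that is not part of this thread or of the siw driver: it models a receive queue that already holds the MPA reply followed by the first FPDU, and compares requesting 4 bytes beyond the advertised private data length with requesting exactly that length. The names `stream`, `stream_recv`, `recv_mpa_reply`, `bytes_left_after` and `slack` are hypothetical, and the wire bytes are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MPA_HDR_LEN 20   /* 16-byte key, 2 bytes flags/revision, 2 bytes PD_Length */

/* Constructed stand-in for a TCP socket receive queue. */
struct stream { const uint8_t *data; size_t len, off; };

/* Like a non-blocking recv(): hands back at most `size` queued bytes. */
static int stream_recv(struct stream *s, uint8_t *buf, size_t size)
{
    size_t n = s->len - s->off;
    if (n > size) n = size;
    memcpy(buf, s->data + s->off, n);
    s->off += n;
    return (int)n;
}

/* Hypothetical model of the reply handler. slack = bytes requested beyond the
 * advertised private data: 4 as reported in the thread, 0 after the fix. */
static int recv_mpa_reply(struct stream *s, int slack)
{
    uint8_t hdr[MPA_HDR_LEN], pdata[0xFFFF + 4];  /* any 16-bit PD_Length + slack */
    if (stream_recv(s, hdr, sizeof(hdr)) != MPA_HDR_LEN)
        return -EAGAIN;
    int to_rcv = (hdr[18] << 8) | hdr[19];        /* PD_Length is big endian */
    int rcvd = stream_recv(s, pdata, (size_t)(to_rcv + slack));
    return rcvd > to_rcv ? -EPROTO : rcvd;        /* over-read swallowed FPDU bytes */
}

/* Constructed wire image: MPA reply with 8 private data bytes, then a 12-byte
 * FPDU that is already queued. Returns the bytes left unread in the queue. */
static size_t bytes_left_after(int slack, int *ret)
{
    uint8_t wire[MPA_HDR_LEN + 8 + 12] = {0};
    struct stream s = { wire, sizeof(wire), 0 };
    wire[19] = 8;                                 /* pd_len = 8 */
    memset(wire + MPA_HDR_LEN + 8, 0xFD, 12);     /* placeholder FPDU bytes */
    *ret = recv_mpa_reply(&s, slack);
    return s.len - s.off;
}

int main(void)
{
    int r4, r0;
    size_t l4 = bytes_left_after(4, &r4), l0 = bytes_left_after(0, &r0);
    printf("slack=4: ret=%d left=%zu\nslack=0: ret=%d left=%zu\n", r4, l4, r0, l0);
    return 0;
}
```

With slack 4 the call fails with -EPROTO and only 8 of the 12 FPDU bytes remain queued, so the stream is also desynchronised; with slack 0 the reply is consumed exactly and the FPDU is left intact for the data path.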