RDMA/rxe: Implement packet length validation on responder

The function check_length() is supposed to check the length of inbound
packets on responder, but it actually has been a stub since the driver was
born. Let it check the payload length and the DMA length.

Signed-off-by: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
Link: https://lore.kernel.org/r/20221107055338.357184-1-matsuda-daisuke@fujitsu.com
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Acked-by: Zhu Yanjun <zyjzyj2000@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>

diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
index c32bc12..382d205 100644 (file)
--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
@@ -393,16 +393,36 @@ static enum resp_states check_resource(struct rxe_qp *qp,
 static enum resp_states check_length(struct rxe_qp *qp,
                                     struct rxe_pkt_info *pkt)
 {
-       switch (qp_type(qp)) {
-       case IB_QPT_RC:
-               return RESPST_CHK_RKEY;
+       int mtu = qp->mtu;
+       u32 payload = payload_size(pkt);
+       u32 dmalen = reth_len(pkt);
 
-       case IB_QPT_UC:
-               return RESPST_CHK_RKEY;
+       /* RoCEv2 packets do not have LRH.
+        * Let's skip checking it.
+        */
 
-       default:
-               return RESPST_CHK_RKEY;
+       if ((pkt->opcode & RXE_START_MASK) &&
+           (pkt->opcode & RXE_END_MASK)) {
+               /* "only" packets */
+               if (payload > mtu)
+                       return RESPST_ERR_LENGTH;
+       } else if ((pkt->opcode & RXE_START_MASK) ||
+                  (pkt->opcode & RXE_MIDDLE_MASK)) {
+               /* "first" or "middle" packets */
+               if (payload != mtu)
+                       return RESPST_ERR_LENGTH;
+       } else if (pkt->opcode & RXE_END_MASK) {
+               /* "last" packets */
+               if ((payload == 0) || (payload > mtu))
+                       return RESPST_ERR_LENGTH;
+       }
+
+       if (pkt->opcode & (RXE_WRITE_MASK | RXE_READ_MASK)) {
+               if (dmalen > (1 << 31))
+                       return RESPST_ERR_LENGTH;
        }
+
+       return RESPST_CHK_RKEY;
 }
 
 static enum resp_states check_rkey(struct rxe_qp *qp,