cxgbei: Handle target transfers with excess unsolicited data.

The CTL frontend might have provided a buffer that is smaller than the FirstBurstLength and thus smaller than the amount of unsolicited data included in the request PDU. Treat these transfers as an empty transfer. Reported by: Jithesh Arakkan @ Chelsio Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D29940
2021-05-14 12:20:57 -07:00 · 2021-05-14 12:20:57 -07:00 · e73e2ee0ac
commit e73e2ee0ac
parent e894e3adb2
1 changed files with 7 additions and 2 deletions
--- a/sys/dev/cxgbe/cxgbei/icl_cxgbei.c
+++ b/sys/dev/cxgbe/cxgbei/icl_cxgbei.c
@ -1064,10 +1064,15 @@ icl_cxgbei_conn_transfer_setup(struct icl_conn *ic, union ctl_io *io,
 		/*
 		 * Note that ICL calls conn_transfer_setup even if the first
 		 * burst had everything and there's nothing left to transfer.
+		 *
+		 * NB: The CTL frontend might have provided a buffer
+		 * whose length (kern_data_len) is smaller than the
+		 * FirstBurstLength of unsolicited data.  Treat those
+		 * as an empty transfer.
 		 */
-		MPASS(ctsio->kern_data_len >= first_burst);
 		xferlen = ctsio->kern_data_len;
-		if (xferlen - first_burst < ci->ddp_threshold) {
+		if (xferlen < first_burst ||
+		    xferlen - first_burst < ci->ddp_threshold) {
 no_ddp:
 			/*
 			 * No DDP for this transfer.  Allocate a TTT (based on