From e73e2ee0acf5a0e0f47b9c2bcd73c835c4922fab Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Fri, 14 May 2021 12:20:57 -0700 Subject: [PATCH] cxgbei: Handle target transfers with excess unsolicited data. The CTL frontend might have provided a buffer that is smaller than the FirstBurstLength and thus smaller than the amount of unsolicited data included in the request PDU. Treat these transfers as an empty transfer. Reported by: Jithesh Arakkan @ Chelsio Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D29940 --- sys/dev/cxgbe/cxgbei/icl_cxgbei.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/sys/dev/cxgbe/cxgbei/icl_cxgbei.c b/sys/dev/cxgbe/cxgbei/icl_cxgbei.c index 7f638c96483..c4eb4a35ad3 100644 --- a/sys/dev/cxgbe/cxgbei/icl_cxgbei.c +++ b/sys/dev/cxgbe/cxgbei/icl_cxgbei.c @@ -1064,10 +1064,15 @@ icl_cxgbei_conn_transfer_setup(struct icl_conn *ic, union ctl_io *io, /* * Note that ICL calls conn_transfer_setup even if the first * burst had everything and there's nothing left to transfer. + * + * NB: The CTL frontend might have provided a buffer + * whose length (kern_data_len) is smaller than the + * FirstBurstLength of unsolicited data. Treat those + * as an empty transfer. */ - MPASS(ctsio->kern_data_len >= first_burst); xferlen = ctsio->kern_data_len; - if (xferlen - first_burst < ci->ddp_threshold) { + if (xferlen < first_burst || + xferlen - first_burst < ci->ddp_threshold) { no_ddp: /* * No DDP for this transfer. Allocate a TTT (based on