[SCSI] libfcoe: Check for order and missing critical descriptors for FIP ELS requests
As per FC-BB-5 rev.2, section 7.8.7.1, strict ordering of FIP descriptors
is required for ELS requests. Also, look for missing and duplicate critical
descriptors.
Signed-off-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
diff --git a/drivers/scsi/fcoe/libfcoe.c b/drivers/scsi/fcoe/libfcoe.c
index ce651ca..f009191 100644
--- a/drivers/scsi/fcoe/libfcoe.c
+++ b/drivers/scsi/fcoe/libfcoe.c
@@ -871,7 +871,8 @@
size_t els_len = 0;
size_t rlen;
size_t dlen;
- u32 dupl_desc = 0;
+ u32 desc_mask = 0;
+ u32 desc_cnt = 0;
fiph = (struct fip_header *)skb->data;
sub = fiph->fip_subcode;
@@ -884,20 +885,27 @@
desc = (struct fip_desc *)(fiph + 1);
while (rlen > 0) {
+ desc_cnt++;
dlen = desc->fip_dlen * FIP_BPW;
if (dlen < sizeof(*desc) || dlen > rlen)
goto drop;
/* Drop ELS if there are duplicate critical descriptors */
if (desc->fip_dtype < 32) {
- if (dupl_desc & 1U << desc->fip_dtype) {
+ if (desc_mask & 1U << desc->fip_dtype) {
LIBFCOE_FIP_DBG(fip, "Duplicate Critical "
"Descriptors in FIP ELS\n");
goto drop;
}
- dupl_desc |= (1 << desc->fip_dtype);
+ desc_mask |= (1 << desc->fip_dtype);
}
switch (desc->fip_dtype) {
case FIP_DT_MAC:
+ if (desc_cnt == 1) {
+ LIBFCOE_FIP_DBG(fip, "FIP descriptors "
+ "received out of order\n");
+ goto drop;
+ }
+
if (dlen != sizeof(struct fip_mac_desc))
goto len_err;
memcpy(granted_mac,
@@ -914,6 +922,11 @@
case FIP_DT_FDISC:
case FIP_DT_LOGO:
case FIP_DT_ELP:
+ if (desc_cnt != 1) {
+ LIBFCOE_FIP_DBG(fip, "FIP descriptors "
+ "received out of order\n");
+ goto drop;
+ }
if (fh)
goto drop;
if (dlen < sizeof(*els) + sizeof(*fh) + 1)
@@ -929,6 +942,11 @@
/* standard says ignore unknown descriptors >= 128 */
if (desc->fip_dtype < FIP_DT_VENDOR_BASE)
goto drop;
+ if (desc_cnt <= 2) {
+ LIBFCOE_FIP_DBG(fip, "FIP descriptors "
+ "received out of order\n");
+ goto drop;
+ }
break;
}
desc = (struct fip_desc *)((char *)desc + dlen);
@@ -944,6 +962,13 @@
els_op == ELS_LS_ACC && is_valid_ether_addr(granted_mac))
fip->flogi_oxid = FC_XID_UNKNOWN;
+ if ((desc_cnt == 0) || ((els_op != ELS_LS_RJT) &&
+ (!(1U << FIP_DT_MAC & desc_mask)))) {
+ LIBFCOE_FIP_DBG(fip, "Missing critical descriptors "
+ "in FIP ELS\n");
+ goto drop;
+ }
+
/*
* Convert skb into an fc_frame containing only the ELS.
*/