On Wed, 2019-07-31 at 16:03 +0530, Krishnamraju Eraparaju wrote:
> while processing MPA Reply, SIW driver is trying to read extra 4 bytes
> than what peer has advertised as private data length.
> 
> If a FPDU data is received before even siw_recv_mpa_rr() completed
> reading MPA reply, then ksock_recv() in siw_recv_mpa_rr() could also
> read FPDU, if "size" is larger than advertised MPA reply length.
> 
>  501 static int siw_recv_mpa_rr(struct siw_cep *cep)
>  502 {
>           .............
>  572
>  573         if (rcvd > to_rcv)
>  574                 return -EPROTO;   <----- Failure here
> 
> Looks like the intention here is to throw an ERROR if the received
> data
> is more than the total private data length advertised by the peer. But
> reading beyond MPA message causes siw_cm to generate
> RDMA_CM_EVENT_CONNECT_ERROR event when TCP socket recv buffer is
> already
> queued with FPDU messages.
> 
> Hence, this function should only read upto private data length.
> 
> Signed-off-by: Krishnamraju Eraparaju <krishna2@chelsio.com>

Once you apply this patch, the if (rcvd > to_rcv) test you listed above
in the commit message becomes dead code.  So I removed it while applying
the patch.  Thanks.

-- 
Doug Ledford <dledford@redhat.com>
    GPG KeyID: B826A3330E572FDD
    Fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD