Drop invalid or unexpected FCoE frames that come into the non-offload path since the FCoE firmware would not do the filtering for us. Signed-off-by: Chad Dupuis <chad.dupuis@xxxxxxxxxx> --- drivers/scsi/qedf/qedf_main.c | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 7dae915..7d1a953 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -2088,6 +2088,8 @@ static void qedf_recv_frame(struct qedf_ctx *qedf, u8 *dest_mac = NULL; struct fcoe_hdr *hp; struct qedf_rport *fcport; + struct fc_lport *vn_port; + u32 f_ctl; lport = qedf->lport; if (lport == NULL || lport->state == LPORT_ST_DISABLED) { @@ -2124,6 +2126,10 @@ static void qedf_recv_frame(struct qedf_ctx *qedf, fh = fc_frame_header_get(fp); + /* + * Invalid frame filters. + */ + if (fh->fh_r_ctl == FC_RCTL_DD_SOL_DATA && fh->fh_type == FC_TYPE_FCP) { /* Drop FCP data. We dont this in L2 path */ @@ -2149,6 +2155,46 @@ static void qedf_recv_frame(struct qedf_ctx *qedf, return; } + if (ntoh24(&dest_mac[3]) != ntoh24(fh->fh_d_id)) { + QEDF_ERR(&(qedf->dbg_ctx), "FC frame d_id mismatch with MAC " + "%pM.\n", dest_mac); + return; + } + + if (qedf->ctlr.state) { + if (!ether_addr_equal(mac, qedf->ctlr.dest_addr)) { + QEDF_ERR(&(qedf->dbg_ctx), "Wrong source address: " + "mac:%pM dest_addr:%pM.\n", mac, + qedf->ctlr.dest_addr); + kfree_skb(skb); + return; + } + } + + vn_port = fc_vport_id_lookup(lport, ntoh24(fh->fh_d_id)); + + /* + * If the destination ID from the frame header does not match what we + * have on record for lport and the search for a NPIV port came up + * empty then this is not addressed to our port so simply drop it. + */ + if (lport->port_id != ntoh24(fh->fh_d_id) && !vn_port) { + QEDF_ERR(&(qedf->dbg_ctx), "Dropping frame due to " + "destination mismatch: lport->port_id=%x " + "fh->d_id=%x.\n", + lport->port_id, ntoh24(fh->fh_d_id)); + kfree_skb(skb); + return; + } + + f_ctl = ntoh24(fh->fh_f_ctl); + if ((fh->fh_type == FC_TYPE_BLS) && (f_ctl & FC_FC_SEQ_CTX) && + (f_ctl & FC_FC_EX_CTX)) { + /* Drop incoming ABTS response that has both SEQ/EX CTX set */ + kfree_skb(skb); + return; + } + /* * If a connection is uploading, drop incoming FCoE frames as there * is a small window where we could try to return a frame while libfc -- 1.8.5.6