[linda] Validate payload length

There is no way for the hardware to give us an invalid length in the
LRH, since it must have parsed this length field in order to perform
header splitting.  However, this is difficult to prove conclusively.

Add an unnecessary length check to explicitly reject any packets
larger than the posted receive I/O buffer.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/drivers/infiniband/linda.c

 			/* Completing the eager buffer described in
 			 * this header entry.
 			 */
-			iob_put ( iobuf, payload_len );
-			rc = ( err ? -EIO : ( useegrbfr ? 0 : -ECANCELED ) );
+			if ( payload_len <= iob_tailroom ( iobuf ) ) {
+				iob_put ( iobuf, payload_len );
+				rc = ( err ?
+				       -EIO : ( useegrbfr ? 0 : -ECANCELED ) );
+			} else {
+				DBGC ( linda, "Linda %p bad payload len %zd\n",
+				       linda, payload_len );
+				rc = -EPROTO;
+			}
 			/* Redirect to target QP if necessary */
 			if ( qp != intended_qp ) {
 				DBGC ( linda, "Linda %p redirecting QPN %ld "
 				intended_qp->recv.fill++;
 			}
 			ib_complete_recv ( ibdev, intended_qp, &dest, &source,
-					   iobuf, rc);
+					   iobuf, rc );
 		} else {
 			/* Completing on a skipped-over eager buffer */
 			ib_complete_recv ( ibdev, qp, &dest, &source, iobuf,