Commit 99e3fcfa authored by Haiyang Zhang's avatar Haiyang Zhang Committed by David S. Miller

hyperv: Fix page buffer handling in rndis_filter_send_request()

To prevent possible data corruption in RNDIS requests, add another
page buffer if the request message crossed page boundary.
Signed-off-by: default avatarHaiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ea496374
...@@ -45,7 +45,8 @@ struct rndis_request { ...@@ -45,7 +45,8 @@ struct rndis_request {
/* Simplify allocation by having a netvsc packet inline */ /* Simplify allocation by having a netvsc packet inline */
struct hv_netvsc_packet pkt; struct hv_netvsc_packet pkt;
struct hv_page_buffer buf; /* Set 2 pages for rndis requests crossing page boundary */
struct hv_page_buffer buf[2];
struct rndis_message request_msg; struct rndis_message request_msg;
/* /*
...@@ -227,6 +228,18 @@ static int rndis_filter_send_request(struct rndis_device *dev, ...@@ -227,6 +228,18 @@ static int rndis_filter_send_request(struct rndis_device *dev,
packet->page_buf[0].offset = packet->page_buf[0].offset =
(unsigned long)&req->request_msg & (PAGE_SIZE - 1); (unsigned long)&req->request_msg & (PAGE_SIZE - 1);
/* Add one page_buf when request_msg crossing page boundary */
if (packet->page_buf[0].offset + packet->page_buf[0].len > PAGE_SIZE) {
packet->page_buf_cnt++;
packet->page_buf[0].len = PAGE_SIZE -
packet->page_buf[0].offset;
packet->page_buf[1].pfn = virt_to_phys((void *)&req->request_msg
+ packet->page_buf[0].len) >> PAGE_SHIFT;
packet->page_buf[1].offset = 0;
packet->page_buf[1].len = req->request_msg.msg_len -
packet->page_buf[0].len;
}
packet->completion.send.send_completion_ctx = req;/* packet; */ packet->completion.send.send_completion_ctx = req;/* packet; */
packet->completion.send.send_completion = packet->completion.send.send_completion =
rndis_filter_send_request_completion; rndis_filter_send_request_completion;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment