Commit 871088bf authored by Jan Beulich's avatar Jan Beulich Committed by David S. Miller

xen-netback: handle page straddling in xenvif_set_hash_mapping()

There's no guarantee that the mapping array doesn't cross a page
boundary. Use a second grant copy operation if necessary.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 22f9cde3
...@@ -334,28 +334,39 @@ u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len, ...@@ -334,28 +334,39 @@ u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len,
u32 off) u32 off)
{ {
u32 *mapping = vif->hash.mapping[!vif->hash.mapping_sel]; u32 *mapping = vif->hash.mapping[!vif->hash.mapping_sel];
struct gnttab_copy copy_op = { unsigned int nr = 1;
struct gnttab_copy copy_op[2] = {{
.source.u.ref = gref, .source.u.ref = gref,
.source.domid = vif->domid, .source.domid = vif->domid,
.dest.domid = DOMID_SELF, .dest.domid = DOMID_SELF,
.len = len * sizeof(*mapping), .len = len * sizeof(*mapping),
.flags = GNTCOPY_source_gref .flags = GNTCOPY_source_gref
}; }};
if ((off + len < off) || (off + len > vif->hash.size) || if ((off + len < off) || (off + len > vif->hash.size) ||
len > XEN_PAGE_SIZE / sizeof(*mapping)) len > XEN_PAGE_SIZE / sizeof(*mapping))
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER; return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
copy_op.dest.u.gmfn = virt_to_gfn(mapping + off); copy_op[0].dest.u.gmfn = virt_to_gfn(mapping + off);
copy_op.dest.offset = xen_offset_in_page(mapping + off); copy_op[0].dest.offset = xen_offset_in_page(mapping + off);
if (copy_op[0].dest.offset + copy_op[0].len > XEN_PAGE_SIZE) {
copy_op[1] = copy_op[0];
copy_op[1].source.offset = XEN_PAGE_SIZE - copy_op[0].dest.offset;
copy_op[1].dest.u.gmfn = virt_to_gfn(mapping + off + len);
copy_op[1].dest.offset = 0;
copy_op[1].len = copy_op[0].len - copy_op[1].source.offset;
copy_op[0].len = copy_op[1].source.offset;
nr = 2;
}
memcpy(mapping, vif->hash.mapping[vif->hash.mapping_sel], memcpy(mapping, vif->hash.mapping[vif->hash.mapping_sel],
vif->hash.size * sizeof(*mapping)); vif->hash.size * sizeof(*mapping));
if (copy_op.len != 0) { if (copy_op[0].len != 0) {
gnttab_batch_copy(&copy_op, 1); gnttab_batch_copy(copy_op, nr);
if (copy_op.status != GNTST_okay) if (copy_op[0].status != GNTST_okay ||
copy_op[nr - 1].status != GNTST_okay)
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER; return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
} }
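Review bot: The two-element `copy_op` array is only sufficient because the earlier `len > XEN_PAGE_SIZE / sizeof(*mapping)` check caps the copy at one page, so the destination can cross at most one page boundary, but the new split block does not record that dependency. I would add a comment above `if (copy_op[0].dest.offset + copy_op[0].len > XEN_PAGE_SIZE)` such as `/* len is capped at one page above, so the destination spans at most two pages. */`. The status test `copy_op[0].status != GNTST_okay || copy_op[nr - 1].status != GNTST_okay` likewise covers every op only while `nr` is 1 or 2, which deserves a short comment of its own. `gref`, `len` and `off` presumably originate from the frontend's control request, so these invariants are what keep a guest-chosen copy inside the mapping array, and they should be visible to whoever next changes the size limit. The function body continues past the end of the hunk.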
......