WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [linux-2.6.18-xen] usbfront: do not assume sequentially

from [Xen patchbot-linux-2.6.18-xen] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [linux-2.6.18-xen] usbfront: do not assume sequentially mapped pages
From: "Xen patchbot-linux-2.6.18-xen" <patchbot-linux-2.6.18-xen@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Mar 2009 12:55:08 -0700
Delivery-date: Tue, 31 Mar 2009 12:55:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1238497310 -3600
# Node ID b358ebf1c41664c7a7cf5b33feb5df779631229f
# Parent  3a4410c4504ea64f2c1e873df3234938366050ad
usbfront: do not assume sequentially mapped pages

xenhcd_gnttab_map in usbfront-q.c looks up the mfn of the start of the
usb transfer buffer.  But the buffer may span several pages, and the
current code simply increments the obtained mfn.  Needless to say this
is an unwarranted assumption.  It causes large transfers to be
corrupted and/or to overwrite other parts of memory.

Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
 drivers/xen/usbfront/usbfront-q.c |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff -r 3a4410c4504e -r b358ebf1c416 drivers/xen/usbfront/usbfront-q.c
--- a/drivers/xen/usbfront/usbfront-q.c Tue Mar 31 12:00:53 2009 +0100
+++ b/drivers/xen/usbfront/usbfront-q.c Tue Mar 31 12:01:50 2009 +0100
@@ -106,12 +106,15 @@ static inline void xenhcd_gnttab_map(str
        unsigned int bytes;
        int i;
 
-       page = virt_to_page(addr);
-       buffer_pfn = page_to_phys(page) >> PAGE_SHIFT;
-       offset = offset_in_page(addr);
        len = length;
 
        for(i = 0;i < nr_pages;i++){
+               BUG_ON(!len);
+
+               page = virt_to_page(addr);
+               buffer_pfn = page_to_phys(page) >> PAGE_SHIFT;
+               offset = offset_in_page(addr);
+
                bytes = PAGE_SIZE - offset;
                if(bytes > len)
                        bytes = len;
@@ -123,9 +126,8 @@ static inline void xenhcd_gnttab_map(str
                seg[i].offset = (uint16_t)offset;
                seg[i].length = (uint16_t)bytes;
 
-               buffer_pfn++;
+               addr += bytes;
                len -= bytes;
-               offset = 0;
        }
 }
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [linux-2.6.18-xen] usbfront: do not assume sequentially mapped pages, Xen patchbot-linux-2.6.18-xen <=
Previous by Date:  [Xen-changelog] [linux-2.6.18-xen] netfront accel: Simplify, document, and fix a theoretical bug in use, Xen patchbot-linux-2.6.18-xen
Next by Date:  [Xen-changelog] [linux-2.6.18-xen] sfc_netfront: Only clear tx_skb when ready for netif_wake_queue, Xen patchbot-linux-2.6.18-xen
Previous by Thread:  [Xen-changelog] [linux-2.6.18-xen] netfront accel: Simplify, document, and fix a theoretical bug in use, Xen patchbot-linux-2.6.18-xen
Next by Thread:  [Xen-changelog] [linux-2.6.18-xen] sfc_netfront: Only clear tx_skb when ready for netif_wake_queue, Xen patchbot-linux-2.6.18-xen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy