Date:      Wed, 27 Jul 2016 07:19:06 +0000 (UTC)
From:      Sepherosa Ziehau <sephe@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r303369 - head/sys/dev/hyperv/vmbus
Message-ID:  <201607270719.u6R7J6Sc088645@repo.freebsd.org>

Author: sephe
Date: Wed Jul 27 07:19:06 2016
New Revision: 303369
URL: https://svnweb.freebsd.org/changeset/base/303369

Log:
  hyperv/vmbus: Stringent RX bufring data length checks.
  
  MFC after:	1 week
  Sponsored by:	Microsoft
  Differential Revision:	https://reviews.freebsd.org/D7316

Modified:
  head/sys/dev/hyperv/vmbus/hv_ring_buffer.c

Modified: head/sys/dev/hyperv/vmbus/hv_ring_buffer.c
==============================================================================
--- head/sys/dev/hyperv/vmbus/hv_ring_buffer.c	Wed Jul 27 06:52:43 2016	(r303368)
+++ head/sys/dev/hyperv/vmbus/hv_ring_buffer.c	Wed Jul 27 07:19:06 2016	(r303369)
@@ -339,8 +339,12 @@ vmbus_rxbr_peek(struct vmbus_rxbr *rbr, 
 
 	mtx_lock_spin(&rbr->rxbr_lock);
 
+	/*
+	 * The requested data and the 64bits channel packet
+	 * offset should be there at least.
+	 */
 	bytesAvailToRead = vmbus_rxbr_avail(rbr);
-	if (bytesAvailToRead < dlen) {
+	if (bytesAvailToRead < dlen + sizeof(uint64_t)) {
 		mtx_unlock_spin(&rbr->rxbr_lock);
 		return (EAGAIN);
 	}
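Review bot: The trailing 8 bytes appear in the new vmbus_rxbr_peek check as a bare sizeof(uint64_t), while the matching check in vmbus_rxbr_read spells the same quantity sizeof(prev_indices). Using one named constant or the same sizeof expression in both places would keep the two bounds from drifting apart if the trailer layout ever changes. The new comment calls the trailer the "64bits channel packet offset"; it would help to say who writes it, so a reader can see why a packet without it is treated as not yet available (EAGAIN) rather than as malformed.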
@@ -366,7 +370,7 @@ vmbus_rxbr_read(struct vmbus_rxbr *rbr, 
 	mtx_lock_spin(&rbr->rxbr_lock);
 
 	bytes_avail_to_read = vmbus_rxbr_avail(rbr);
-	if (bytes_avail_to_read < dlen) {
+	if (bytes_avail_to_read < dlen + offset + sizeof(prev_indices)) {
 		mtx_unlock_spin(&rbr->rxbr_lock);
 		return (EAGAIN);
 	}
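Review bot: The new bound in vmbus_rxbr_read, dlen + offset + sizeof(prev_indices), carries no comment, unlike the peek check, and the sum is formed before the comparison. The types and origin of dlen and offset are not visible in this hunk; if either can be derived from data the other side of the ring controls, a large value could wrap the sum and let the check pass with fewer bytes available than the copy needs. Suggest a comment stating that offset bytes are skipped and the trailing prev_indices is consumed after the data, and either bounding dlen and offset before this line or comparing by subtraction, for example rejecting when offset or dlen exceeds what remains of bytes_avail_to_read after the fixed trailer is deducted.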


