diff options
author | Jason Wang <jasowang@redhat.com> | 2013-12-09 18:25:17 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-12-10 22:06:49 -0500 |
commit | 730054da3868c35809fd31a4018044ab10b0e215 (patch) | |
tree | 7b83e6854b19f4204e8785977f97ac3ff51df03a | |
parent | 923347bb83c67c3a572b04decb5875c3adb0d306 (diff) | |
download | op-kernel-dev-730054da3868c35809fd31a4018044ab10b0e215.zip op-kernel-dev-730054da3868c35809fd31a4018044ab10b0e215.tar.gz |
macvtap: signal truncated packets
macvtap_put_user() never return a value grater than iov length, this in fact
bypasses the truncated checking in macvtap_recvmsg(). Fix this by always
returning the size of packet plus the possible vlan header to let the truncated
checking work.
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/macvtap.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 957cc5c..7544a0c 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -767,10 +767,14 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q, const struct sk_buff *skb, const struct iovec *iv, int len) { - int ret; + int ret, off; int vnet_hdr_len = 0; int vlan_offset = 0; int copied; + struct { + __be16 h_vlan_proto; + __be16 h_vlan_TCI; + } veth; if (q->flags & IFF_VNET_HDR) { struct virtio_net_hdr vnet_hdr; @@ -785,16 +789,13 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q, if (memcpy_toiovecend(iv, (void *)&vnet_hdr, 0, sizeof(vnet_hdr))) return -EFAULT; } - copied = vnet_hdr_len; + off = copied = vnet_hdr_len; if (!vlan_tx_tag_present(skb)) len = min_t(int, skb->len, len); else { int copy; - struct { - __be16 h_vlan_proto; - __be16 h_vlan_TCI; - } veth; + veth.h_vlan_proto = skb->vlan_proto; veth.h_vlan_TCI = htons(vlan_tx_tag_get(skb)); @@ -802,22 +803,22 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q, len = min_t(int, skb->len + VLAN_HLEN, len); copy = min_t(int, vlan_offset, len); - ret = skb_copy_datagram_const_iovec(skb, 0, iv, copied, copy); + ret = skb_copy_datagram_const_iovec(skb, 0, iv, off, copy); len -= copy; - copied += copy; + off += copy; if (ret || !len) goto done; copy = min_t(int, sizeof(veth), len); - ret = memcpy_toiovecend(iv, (void *)&veth, copied, copy); + ret = memcpy_toiovecend(iv, (void *)&veth, off, copy); len -= copy; - copied += copy; + off += copy; if (ret || !len) goto done; } - ret = skb_copy_datagram_const_iovec(skb, vlan_offset, iv, copied, len); - copied += len; + ret = skb_copy_datagram_const_iovec(skb, vlan_offset, iv, off, len); + copied += skb->len + (vlan_offset ? sizeof(veth) : 0); done: return ret ? ret : copied; @@ -875,7 +876,7 @@ static ssize_t macvtap_aio_read(struct kiocb *iocb, const struct iovec *iv, } ret = macvtap_do_read(q, iocb, iv, len, file->f_flags & O_NONBLOCK); - ret = min_t(ssize_t, ret, len); /* XXX copied from tun.c. Why? */ + ret = min_t(ssize_t, ret, len); if (ret > 0) iocb->ki_pos = ret; out: |