summaryrefslogtreecommitdiffstats
path: root/drivers/net/xen-netfront.c
diff options
context:
space:
mode:
authorJan Beulich <jbeulich@suse.com>2022-07-13 11:19:55 +0200
committerPaolo Abeni <pabeni@redhat.com>2022-07-14 12:20:18 +0200
commit06673c2102b3f0959302d65e07485ba3f2b94127 (patch)
tree4a65c6fdd94a7601fc9dcfddc9bd26e7c2dfb12b /drivers/net/xen-netfront.c
parentxen-netfront: remove leftover call to xennet_tx_buf_gc() (diff)
downloadlinux-06673c2102b3f0959302d65e07485ba3f2b94127.tar.xz
linux-06673c2102b3f0959302d65e07485ba3f2b94127.zip
xen-netfront: re-order error checks in xennet_get_responses()
Check the retrieved grant reference first; there's no point trying to have xennet_move_rx_slot() move invalid data (and further defer recognition of the issue, likely making diagnosis yet more difficult). Signed-off-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to '')
-rw-r--r--drivers/net/xen-netfront.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index 8bae9b84f045..27a11cc08c61 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1043,16 +1043,6 @@ static int xennet_get_responses(struct netfront_queue *queue,
}
for (;;) {
- if (unlikely(rx->status < 0 ||
- rx->offset + rx->status > XEN_PAGE_SIZE)) {
- if (net_ratelimit())
- dev_warn(dev, "rx->offset: %u, size: %d\n",
- rx->offset, rx->status);
- xennet_move_rx_slot(queue, skb, ref);
- err = -EINVAL;
- goto next;
- }
-
/*
* This definitely indicates a bug, either in this driver or in
* the backend driver. In future this should flag the bad
@@ -1066,6 +1056,16 @@ static int xennet_get_responses(struct netfront_queue *queue,
goto next;
}
+ if (unlikely(rx->status < 0 ||
+ rx->offset + rx->status > XEN_PAGE_SIZE)) {
+ if (net_ratelimit())
+ dev_warn(dev, "rx->offset: %u, size: %d\n",
+ rx->offset, rx->status);
+ xennet_move_rx_slot(queue, skb, ref);
+ err = -EINVAL;
+ goto next;
+ }
+
if (!gnttab_end_foreign_access_ref(ref)) {
dev_alert(dev,
"Grant still in use by backend domain\n");