diff options
author | Vitaly Kuznetsov <vkuznets@redhat.com> | 2016-06-17 19:45:30 +0200 |
---|---|---|
committer | Bjorn Helgaas <bhelgaas@google.com> | 2016-06-17 19:45:30 +0200 |
commit | 837d741ea2e6bb23da9cad1667776fc6f0cb67dd (patch) | |
tree | 521c6f78c8a7fa98cfb81377d02452d4bcdab1e9 /drivers/pci | |
parent | PCI: hv: Don't leak buffer in hv_pci_onchannelcallback() (diff) | |
download | linux-837d741ea2e6bb23da9cad1667776fc6f0cb67dd.tar.xz linux-837d741ea2e6bb23da9cad1667776fc6f0cb67dd.zip |
PCI: hv: Handle all pending messages in hv_pci_onchannelcallback()
When we have an interrupt from the host we have a bit set in event page
indicating there are messages for the particular channel. We need to read
them all as we won't get signaled for what was on the queue before we
cleared the bit in vmbus_on_event(). This applies to all Hyper-V drivers
and the pass-through driver should do the same.
I did not meet any bugs; the issue was found by code inspection. We don't
have many events going through hv_pci_onchannelcallback(), which explains
why nobody reported the issue before.
While on it, fix handling non-zero vmbus_recvpacket_raw() return values by
dropping out. If the return value is not zero, it is wrong to inspect
buffer or bytes_recvd as these may contain invalid data.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Jake Oshins <jakeo@microsoft.com>
Diffstat (limited to 'drivers/pci')
-rw-r--r-- | drivers/pci/host/pci-hyperv.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c index a68ec4996ed9..7de341d7caaa 100644 --- a/drivers/pci/host/pci-hyperv.c +++ b/drivers/pci/host/pci-hyperv.c @@ -1657,12 +1657,16 @@ static void hv_pci_onchannelcallback(void *context) continue; } + /* Zero length indicates there are no more packets. */ + if (ret || !bytes_recvd) + break; + /* * All incoming packets must be at least as large as a * response. */ if (bytes_recvd <= sizeof(struct pci_response)) - break; + continue; desc = (struct vmpacket_descriptor *)buffer; switch (desc->type) { @@ -1724,7 +1728,6 @@ static void hv_pci_onchannelcallback(void *context) desc->type, req_id, bytes_recvd); break; } - break; } kfree(buffer); |