author Vitaly Kuznetsov <vkuznets@redhat.com> 2016-06-17 19:45:30 +0200
committer Bjorn Helgaas <bhelgaas@google.com> 2016-06-17 19:45:30 +0200
commit 837d741ea2e6bb23da9cad1667776fc6f0cb67dd
tree 521c6f78c8a7fa98cfb81377d02452d4bcdab1e9 /drivers/pci
parent PCI: hv: Don't leak buffer in hv_pci_onchannelcallback()
PCI: hv: Handle all pending messages in hv_pci_onchannelcallback()
When we have an interrupt from the host we have a bit set in event page indicating there are messages for the particular channel. We need to read them all as we won't get signaled for what was on the queue before we cleared the bit in vmbus_on_event(). This applies to all Hyper-V drivers and the pass-through driver should do the same.

I did not meet any bugs; the issue was found by code inspection. We don't have many events going through hv_pci_onchannelcallback(), which explains why nobody reported the issue before.

While on it, fix handling non-zero vmbus_recvpacket_raw() return values by dropping out. If the return value is not zero, it is wrong to inspect buffer or bytes_recvd as these may contain invalid data.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Jake Oshins <jakeo@microsoft.com>
Diffstat (limited to 'drivers/pci')
-rw-r--r-- drivers/pci/host/pci-hyperv.c | 7
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
index a68ec4996ed9..7de341d7caaa 100644
--- a/drivers/pci/host/pci-hyperv.c
+++ b/drivers/pci/host/pci-hyperv.c
@@ -1657,12 +1657,16 @@ static void hv_pci_onchannelcallback(void *context)
continue;
}
+ /* Zero length indicates there are no more packets. */
+ if (ret || !bytes_recvd)
+ break;
+
/*
* All incoming packets must be at least as large as a
* response.
*/
if (bytes_recvd <= sizeof(struct pci_response))
- break;
+ continue;
desc = (struct vmpacket_descriptor *)buffer;
switch (desc->type) {
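Review bot: The comment above `if (ret || !bytes_recvd)` documents only the zero-length case, while the `ret` half of the condition is unexplained and exits silently. Suggest extending the comment to state that buffer and bytes_recvd must not be inspected when ret is non-zero, and consider a rate-limited error message on that path so a failing vmbus_recvpacket_raw() is visible in the log. Below that, the undersized-packet check now uses `continue`, so a short packet from the host is discarded without any trace; a debug message there would help. The same check's comment says packets must be "at least as large as a response", but the test `bytes_recvd <= sizeof(struct pci_response)` also rejects a packet of exactly that size, so either the comment or the comparison should be adjusted.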
@@ -1724,7 +1728,6 @@ static void hv_pci_onchannelcallback(void *context)
desc->type, req_id, bytes_recvd);
break;
}
- break;
}
kfree(buffer);
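Review bot: With the unconditional `break` after the switch removed, the only exits from the loop are the checks at its top, so the callback now keeps running for as long as the host keeps the ring non-empty. A short comment at the loop head saying that the loop drains the channel and ends on `ret || !bytes_recvd` would make the termination condition obvious to readers, and it is worth stating in the changelog whether an upper bound on packets handled per callback was considered.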