author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-11-29 06:54:07 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-11-29 06:54:07 +0100 |
commit | e9296e89b85604862bd9ec2d54dc43edad775c0d (patch) | |
tree | 5379a58a740674e1f740008e36cb1c4fbe2011b9 /drivers/vhost | |
parent | percpu-rwsem: use synchronize_sched_expedited (diff) | |
parent | Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/o... (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Some more fixes trickled in over the past few days:
1) PIM device names can overflow the IFNAMSIZ buffer unless we
properly limit the allowed indexes, fix from Eric Dumazet.
2) Under heavy load we can OOPS in icmp reply processing due to an
unchecked inet_putpeer() call. Fix from Neal Cardwell.
3) SCTP round trip calculations need to use 64-bit math to avoid
overflows, fix from Schoch Christian.
4) Fix a memory leak and an error return flub in SCTP and IRDA
triggerable by userspace. Fix from Tommi Rantala and found by the
syscall fuzzer (trinity).
5) MLX4 driver gives bogus size to memcpy() call, fix from Amir
Vadai.
6) Fix length calculation in VHOST descriptor translation, from
Michael S Tsirkin.
7) Ambassador ATM driver loops forever while loading firmware, fix
from Dan Carpenter.
8) Over MTU packets in openvswitch warn about wrong device, fix from
Jesse Gross.
9) Netfilter IPSET's netlink code can overrun a string buffer because
it's not properly limited to IFNAMSIZ. Fix from Florian Westphal.
10) PCAN USB driver sets wrong timestamp in SKB, from Oliver Hartkopp.
11) Make sure the RX ifindex always has a valid value in the CAN BCM
driver, even if we haven't received a frame yet. Fix also from
Oliver Hartkopp."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
team: fix hw_features setup
atm: forever loop loading ambassador firmware
vhost: fix length for cross region descriptor
irda: irttp: fix memory leak in irttp_open_tsap() error path
net: qmi_wwan: add Huawei E173
net/mlx4_en: Can set maxrate only for TC0
sctp: Error in calculation of RTTvar
sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall
sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
net: ipmr: limit MRT_TABLE identifiers
ipv4: avoid passing NULL to inet_putpeer() in icmpv4_xrlim_allow()
can: bcm: initialize ifindex for timeouts without previous frame reception
can: peak_usb: fix hwtstamp assignment
netfilter: ipset: fix netiface set name overflow
openvswitch: Store flow key len if ARP opcode is not request or reply.
openvswitch: Print device when warning about over MTU packets.
Diffstat (limited to 'drivers/vhost')
-rw-r--r-- | drivers/vhost/vhost.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 99ac2cb08b43..dedaf81d8f36 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1076,7 +1076,7 @@ static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len, } _iov = iov + ret; size = reg->memory_size - addr + reg->guest_phys_addr; - _iov->iov_len = min((u64)len, size); + _iov->iov_len = min((u64)len - s, size); _iov->iov_base = (void __user *)(unsigned long) (reg->userspace_addr + addr - reg->guest_phys_addr); s += size; |
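Review bot: In the changed line of translate_desc(), `(u64)len - s` is an unsigned subtraction, so it is only correct while s is strictly less than len. The following `s += size;` advances s by the full remainder of the region rather than by the iov_len just stored, so s can run past len after the final segment. The loop condition that is supposed to prevent another iteration in that state is outside the visible context; if it ever admitted s >= len, the difference would wrap to a huge value and min() would silently pick size. Suggest either a one-line comment here stating the s < len invariant, or accumulating `s += _iov->iov_len` so that s tracks the bytes actually translated and cannot exceed len.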