summaryrefslogtreecommitdiffstats
path: root/drivers/vhost
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-11-29 06:54:07 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2012-11-29 06:54:07 +0100
commite9296e89b85604862bd9ec2d54dc43edad775c0d (patch)
tree5379a58a740674e1f740008e36cb1c4fbe2011b9 /drivers/vhost
parentpercpu-rwsem: use synchronize_sched_expedited (diff)
parentMerge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/o... (diff)
downloadlinux-e9296e89b85604862bd9ec2d54dc43edad775c0d.tar.xz
linux-e9296e89b85604862bd9ec2d54dc43edad775c0d.zip
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: "Some more fixes trickled in over the past few days: 1) PIM device names can overflow the IFNAMSIZ buffer unless we properly limit the allowed indexes, fix from Eric Dumazet. 2) Under heavy load we can OOPS in icmp reply processing due to an unchecked inet_putpeer() call. Fix from Neal Cardwell. 3) SCTP round trip calculations need to use 64-bit math to avoid overflows, fix from Schoch Christian. 4) Fix a memory leak and an error return flub in SCTP and IRDA triggerable by userspace. Fix from Tommi Rantala and found by the syscall fuzzer (trinity). 5) MLX4 driver gives bogus size to memcpy() call, fix from Amir Vadai. 6) Fix length calculation in VHOST descriptor translation, from Michael S Tsirkin. 7) Ambassador ATM driver loops forever while loading firmware, fix from Dan Carpenter. 8) Over MTU packets in openvswitch warn about wrong device, fix from Jesse Gross. 9) Netfilter IPSET's netlink code can overrun a string buffer because it's not properly limited to IFNAMSIZ. Fix from Florian Westphal. 10) PCAN USB driver sets wrong timestamp in SKB, from Oliver Hartkopp. 11) Make sure the RX ifindex always has a valid value in the CAN BCM driver, even if we haven't received a frame yet. Fix also from Oliver Hartkopp." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: team: fix hw_features setup atm: forever loop loading ambassador firmware vhost: fix length for cross region descriptor irda: irttp: fix memory leak in irttp_open_tsap() error path net: qmi_wwan: add Huawei E173 net/mlx4_en: Can set maxrate only for TC0 sctp: Error in calculation of RTTvar sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails net: ipmr: limit MRT_TABLE identifiers ipv4: avoid passing NULL to inet_putpeer() in icmpv4_xrlim_allow() can: bcm: initialize ifindex for timeouts without previous frame reception can: peak_usb: fix hwtstamp assignment netfilter: ipset: fix netiface set name overflow openvswitch: Store flow key len if ARP opcode is not request or reply. openvswitch: Print device when warning about over MTU packets.
Diffstat (limited to 'drivers/vhost')
-rw-r--r--drivers/vhost/vhost.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 99ac2cb08b43..dedaf81d8f36 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1076,7 +1076,7 @@ static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len,
}
_iov = iov + ret;
size = reg->memory_size - addr + reg->guest_phys_addr;
- _iov->iov_len = min((u64)len, size);
+ _iov->iov_len = min((u64)len - s, size);
_iov->iov_base = (void __user *)(unsigned long)
(reg->userspace_addr + addr - reg->guest_phys_addr);
s += size;