[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH linux-2.6.18] usbback: correct copy length for partial transfers

Commit 72387b3c2252 ("usbback: copy only filled buffers to guest") has
introduced an error leading to copying the wrong amount of data to the
guest in case of read I/Os with not the complete buffer filled.

Depending on the amount of data read either too much or not enough
data was copied: if a buffer segment was filled less than half still
some data of the backend kernel could leak into the guest, while a
buffer segment filled more than half of it's size wouldn't be copied
completely.

Correct this by limiting the to be copied data amount to the rest
length of the read data.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

diff -r b4bb467e5c07 drivers/xen/usbback/usbback.c
--- a/drivers/xen/usbback/usbback.c     Wed Sep 09 09:52:22 2015 +0200
+++ b/drivers/xen/usbback/usbback.c     Mon Sep 28 09:47:41 2015 +0200
@@ -213,7 +213,7 @@ static void copy_buff_to_pages(void *buf
                                buf_off += offset - buf_off;
                        }
                        if (buf_off + len > offset + length)
-                               len -= offset + length - buf_off;
+                               len = offset + length - buf_off;
                        memcpy((void *)vaddr(pending_req, i) + off,
                               buff + buf_off, len);
                }

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.