Merge branch 'xen-netback-hash'
Jan Beulich says: ==================== xen-netback: hash mapping handling adjustments First and foremost the fix for XSA-270. On top of that further changes which looked desirable to me while investigating that XSA. 1: fix input validation in xenvif_set_hash_mapping() 2: validate queue numbers in xenvif_set_hash_mapping() 3: handle page straddling in xenvif_set_hash_mapping() ==================== Signed-off-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
970f1713ce
|
|
@ -241,8 +241,9 @@ struct xenvif_hash_cache {
|
|||
struct xenvif_hash {
|
||||
unsigned int alg;
|
||||
u32 flags;
|
||||
bool mapping_sel;
|
||||
u8 key[XEN_NETBK_MAX_HASH_KEY_SIZE];
|
||||
u32 mapping[XEN_NETBK_MAX_HASH_MAPPING_SIZE];
|
||||
u32 mapping[2][XEN_NETBK_MAX_HASH_MAPPING_SIZE];
|
||||
unsigned int size;
|
||||
struct xenvif_hash_cache cache;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -324,7 +324,8 @@ u32 xenvif_set_hash_mapping_size(struct xenvif *vif, u32 size)
|
|||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
||||
|
||||
vif->hash.size = size;
|
||||
memset(vif->hash.mapping, 0, sizeof(u32) * size);
|
||||
memset(vif->hash.mapping[vif->hash.mapping_sel], 0,
|
||||
sizeof(u32) * size);
|
||||
|
||||
return XEN_NETIF_CTRL_STATUS_SUCCESS;
|
||||
}
|
||||
|
|
@ -332,30 +333,48 @@ u32 xenvif_set_hash_mapping_size(struct xenvif *vif, u32 size)
|
|||
u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len,
|
||||
u32 off)
|
||||
{
|
||||
u32 *mapping = &vif->hash.mapping[off];
|
||||
struct gnttab_copy copy_op = {
|
||||
u32 *mapping = vif->hash.mapping[!vif->hash.mapping_sel];
|
||||
unsigned int nr = 1;
|
||||
struct gnttab_copy copy_op[2] = {{
|
||||
.source.u.ref = gref,
|
||||
.source.domid = vif->domid,
|
||||
.dest.u.gmfn = virt_to_gfn(mapping),
|
||||
.dest.domid = DOMID_SELF,
|
||||
.dest.offset = xen_offset_in_page(mapping),
|
||||
.len = len * sizeof(u32),
|
||||
.len = len * sizeof(*mapping),
|
||||
.flags = GNTCOPY_source_gref
|
||||
};
|
||||
}};
|
||||
|
||||
if ((off + len > vif->hash.size) || copy_op.len > XEN_PAGE_SIZE)
|
||||
if ((off + len < off) || (off + len > vif->hash.size) ||
|
||||
len > XEN_PAGE_SIZE / sizeof(*mapping))
|
||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
||||
|
||||
copy_op[0].dest.u.gmfn = virt_to_gfn(mapping + off);
|
||||
copy_op[0].dest.offset = xen_offset_in_page(mapping + off);
|
||||
if (copy_op[0].dest.offset + copy_op[0].len > XEN_PAGE_SIZE) {
|
||||
copy_op[1] = copy_op[0];
|
||||
copy_op[1].source.offset = XEN_PAGE_SIZE - copy_op[0].dest.offset;
|
||||
copy_op[1].dest.u.gmfn = virt_to_gfn(mapping + off + len);
|
||||
copy_op[1].dest.offset = 0;
|
||||
copy_op[1].len = copy_op[0].len - copy_op[1].source.offset;
|
||||
copy_op[0].len = copy_op[1].source.offset;
|
||||
nr = 2;
|
||||
}
|
||||
|
||||
memcpy(mapping, vif->hash.mapping[vif->hash.mapping_sel],
|
||||
vif->hash.size * sizeof(*mapping));
|
||||
|
||||
if (copy_op[0].len != 0) {
|
||||
gnttab_batch_copy(copy_op, nr);
|
||||
|
||||
if (copy_op[0].status != GNTST_okay ||
|
||||
copy_op[nr - 1].status != GNTST_okay)
|
||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
while (len-- != 0)
|
||||
if (mapping[off++] >= vif->num_queues)
|
||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
||||
|
||||
if (copy_op.len != 0) {
|
||||
gnttab_batch_copy(©_op, 1);
|
||||
|
||||
if (copy_op.status != GNTST_okay)
|
||||
return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
vif->hash.mapping_sel = !vif->hash.mapping_sel;
|
||||
|
||||
return XEN_NETIF_CTRL_STATUS_SUCCESS;
|
||||
}
|
||||
|
|
@ -408,6 +427,8 @@ void xenvif_dump_hash_info(struct xenvif *vif, struct seq_file *m)
|
|||
}
|
||||
|
||||
if (vif->hash.size != 0) {
|
||||
const u32 *mapping = vif->hash.mapping[vif->hash.mapping_sel];
|
||||
|
||||
seq_puts(m, "\nHash Mapping:\n");
|
||||
|
||||
for (i = 0; i < vif->hash.size; ) {
|
||||
|
|
@ -420,7 +441,7 @@ void xenvif_dump_hash_info(struct xenvif *vif, struct seq_file *m)
|
|||
seq_printf(m, "[%4u - %4u]: ", i, i + n - 1);
|
||||
|
||||
for (j = 0; j < n; j++, i++)
|
||||
seq_printf(m, "%4u ", vif->hash.mapping[i]);
|
||||
seq_printf(m, "%4u ", mapping[i]);
|
||||
|
||||
seq_puts(m, "\n");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -162,7 +162,8 @@ static u16 xenvif_select_queue(struct net_device *dev, struct sk_buff *skb,
|
|||
if (size == 0)
|
||||
return skb_get_hash_raw(skb) % dev->real_num_tx_queues;
|
||||
|
||||
return vif->hash.mapping[skb_get_hash_raw(skb) % size];
|
||||
return vif->hash.mapping[vif->hash.mapping_sel]
|
||||
[skb_get_hash_raw(skb) % size];
|
||||
}
|
||||
|
||||
static int xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
|
|
|
|||
Loading…
Reference in New Issue