search for: vmci_host_do_send_datagram

...sed for local communication. The bug occurs for the IOCTL_VMCI_DATAGRAM_SEND ioctl, and our tool reports the following partial backtrace: #0 memcpy () #1 dg_dispatch_as_host () at drivers/misc/vmw_vmci/vmci_datagram.c:245 #2 vmci_datagram_dispatch () at drivers/misc/vmw_vmci/vmci_datagram.c:347 #3 vmci_host_do_send_datagram () at drivers/misc/vmw_vmci/vmci_host.c:404 Here?s the relevant code snippet from dg_dispatch_as_host(): 171: dg_size = VMCI_DG_SIZE(dg); ... 235: dg_info = kmalloc(sizeof(*dg_info) + 236: (size_t) dg->payload_size, GFP_ATOMIC); 237: if (!dg_info) { 238: atomic_dec(&amp...

...sed for local communication. The bug occurs for the IOCTL_VMCI_DATAGRAM_SEND ioctl, and our tool reports the following partial backtrace: #0 memcpy () #1 dg_dispatch_as_host () at drivers/misc/vmw_vmci/vmci_datagram.c:245 #2 vmci_datagram_dispatch () at drivers/misc/vmw_vmci/vmci_datagram.c:347 #3 vmci_host_do_send_datagram () at drivers/misc/vmw_vmci/vmci_host.c:404 Here?s the relevant code snippet from dg_dispatch_as_host(): 171: dg_size = VMCI_DG_SIZE(dg); ... 235: dg_info = kmalloc(sizeof(*dg_info) + 236: (size_t) dg->payload_size, GFP_ATOMIC); 237: if (!dg_info) { 238: atomic_dec(&amp...

...ODULE_VERSION("1.1.2.0-k"); MODULE_LICENSE("GPL v2"); diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index 66fc992..a721b5d 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -395,6 +395,12 @@ static int vmci_host_do_send_datagram(struct vmci_host_dev *vmci_host_dev, return -EFAULT; } + if (VMCI_DG_SIZE(dg) != send_info.len) { + vmci_ioctl_err("datagram size mismatch\n"); + kfree(dg); + return -EINVAL; + } + pr_devel("Datagram dst (handle=0x%x:0x%x) src (handle=0x%x:0x%x), payload (size=%llu bytes)...

...ODULE_VERSION("1.1.2.0-k"); MODULE_LICENSE("GPL v2"); diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index 66fc992..a721b5d 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -395,6 +395,12 @@ static int vmci_host_do_send_datagram(struct vmci_host_dev *vmci_host_dev, return -EFAULT; } + if (VMCI_DG_SIZE(dg) != send_info.len) { + vmci_ioctl_err("datagram size mismatch\n"); + kfree(dg); + return -EINVAL; + } + pr_devel("Datagram dst (handle=0x%x:0x%x) src (handle=0x%x:0x%x), payload (size=%llu bytes)...

* * * This series of VMCI linux upstreaming patches include latest udpate from VMware. -split guest, host and core driver code into different files -use EXPORT_SYMBOLS_GPL -remove vmci_device_get and vmci_device_release APIs -simplify the event deliver mechanism -driver ioctl code cleanup -sparse clean * * * In an effort to improve the out-of-the-box experience with

* * * This series of VMCI linux upstreaming patches include latest udpate from VMware. -split guest, host and core driver code into different files -use EXPORT_SYMBOLS_GPL -remove vmci_device_get and vmci_device_release APIs -simplify the event deliver mechanism -driver ioctl code cleanup -sparse clean * * * In an effort to improve the out-of-the-box experience with

* * * This series of VMCI linux upstreaming patches include latest udpate from VMware to address Greg's and all other's code review comments. Summary of changes: - Rebase our linux kernel tree from v3.5 to v3.7. - Fix all checkpatch warnings and errors. Fix some checkpatch with -strict errors. This addresses Greg's comment: On 15 Nov 2012

* * * This series of VMCI linux upstreaming patches include latest udpate from VMware to address Greg's and all other's code review comments. Summary of changes: - Rebase our linux kernel tree from v3.5 to v3.7. - Fix all checkpatch warnings and errors. Fix some checkpatch with -strict errors. This addresses Greg's comment: On 15 Nov 2012