@@ -1182,6 +1182,7 @@ static int netvsc_receive(struct net_device *ndev,
}
static void netvsc_send_table(struct net_device *ndev,
+ struct netvsc_device *nvscdev,
const struct nvsp_message *nvmsg,
u32 msglen)
{
@@ -1197,6 +1198,16 @@ static void netvsc_send_table(struct net_device *ndev,
return;
}
+ /* If negotiated version <= NVSP_PROTOCOL_VERSION_6, the offset may be
+ * wrong due to a host bug. So fix the offset here.
+ */
+ if (nvscdev->nvsp_version <= NVSP_PROTOCOL_VERSION_6 &&
+ msglen >= sizeof(struct nvsp_message_header) +
+ sizeof(union nvsp_6_message_uber) + count * sizeof(u32))
+ offset = sizeof(struct nvsp_message_header) +
+ sizeof(union nvsp_6_message_uber);
+
+ /* Boundary check for all versions */
if (offset > msglen - count * sizeof(u32)) {
netdev_err(ndev, "Received send-table offset too big:%u\n",
offset);
@@ -1222,12 +1233,13 @@ static void netvsc_send_vf(struct net_device *ndev,
}
static void netvsc_receive_inband(struct net_device *ndev,
+ struct netvsc_device *nvscdev,
const struct nvsp_message *nvmsg,
u32 msglen)
{
switch (nvmsg->hdr.msg_type) {
case NVSP_MSG5_TYPE_SEND_INDIRECTION_TABLE:
- netvsc_send_table(ndev, nvmsg, msglen);
+ netvsc_send_table(ndev, nvscdev, nvmsg, msglen);
break;
case NVSP_MSG4_TYPE_SEND_VF_ASSOCIATION:
@@ -1260,7 +1272,7 @@ static int netvsc_process_raw_pkt(struct hv_device *device,
break;
case VM_PKT_DATA_INBAND:
- netvsc_receive_inband(ndev, nvmsg, msglen);
+ netvsc_receive_inband(ndev, net_device, nvmsg, msglen);
break;
default: