From: Tim Sell <Timothy.Sell@xxxxxxxxxx>
Use the dynamic size of the controlvm channel (struct channel_header.size)
instead of the statically computed sizeof(struct controlvm_channel) when
determining the valid bounds for visorchannel_read() and
visorchannel_write().
This prevents an observed problem where kdump was failing because
controlvm_channel.local_crash_msg_offset was pointing beyond the statically
computed size of the channel, even though the channel was physically large
enough. This was causing visorchannel_read() to unecessarily fail, because
we thought we were attempting to access memory outside of the channel.
Signed-off-by: Timothy Sell <timothy.sell@xxxxxxxxxx>
Signed-off-by: David Kershner <david.kershner@xxxxxxxxxx>
---
drivers/staging/unisys/visorbus/visorchipset.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/unisys/visorbus/visorchipset.c b/drivers/staging/unisys/visorbus/visorchipset.c
index 550280f..5c4ad6f 100644
--- a/drivers/staging/unisys/visorbus/visorchipset.c
+++ b/drivers/staging/unisys/visorbus/visorchipset.c
@@ -2254,7 +2254,6 @@ visorchipset_init(struct acpi_device *acpi_device)
{
int rc = 0;
u64 addr;
- int tmp_sz = sizeof(struct spar_controlvm_channel_protocol);
uuid_le uuid = SPAR_CONTROLVM_CHANNEL_PROTOCOL_UUID;
addr = controlvm_get_channel_address();
@@ -2264,8 +2263,10 @@ visorchipset_init(struct acpi_device *acpi_device)
memset(&busdev_notifiers, 0, sizeof(busdev_notifiers));
memset(&controlvm_payload_info, 0, sizeof(controlvm_payload_info));
- controlvm_channel = visorchannel_create_with_lock(addr, tmp_sz,
+ controlvm_channel = visorchannel_create_with_lock(addr, 0,
GFP_KERNEL, uuid);
+ if (!controlvm_channel)
+ return -ENODEV;
if (SPAR_CONTROLVM_CHANNEL_OK_CLIENT(
visorchannel_get_header(controlvm_channel))) {
initialize_controlvm_payload();
--
1.9.1
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
