win-pvdrivers

changeset 554:2447875396d0

Fix memory mapping issue causing crashes under some situations
author James Harper <james.harper@bendigoit.com.au>
date Fri Apr 03 21:30:56 2009 +1100 (2009-04-03)
parents ee8236b44af3
children 9d6c46298386
files xennet/xennet_common.c
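--- a/xennet/xennet_common.c	Sat Mar 28 10:09:12 2009 +1100
+++ b/xennet/xennet_common.c	Fri Apr 03 21:30:56 2009 +1100
@@ -79,10 +79,14 @@ XenNet_BuildHeader(packet_info_t *pi, UL
     //KdPrint((__DRIVER_NAME "     B bytes_remaining = %d, pi->curr_buffer = %p, pi->mdl_count = %d\n", bytes_remaining, pi->curr_buffer, pi->mdl_count));
     if (MmGetMdlByteCount(pi->curr_buffer))
     {
+      PUCHAR src_addr;
+      src_addr = MmGetSystemAddressForMdlSafe(pi->curr_buffer, NormalPagePriority);
+      if (!src_addr)
+        return FALSE;
       copy_size = min(bytes_remaining, MmGetMdlByteCount(pi->curr_buffer) - pi->curr_mdl_offset);
       //KdPrint((__DRIVER_NAME "     B copy_size = %d\n", copy_size));
       memcpy(pi->header + pi->header_length,
-        (PUCHAR)MmGetMdlVirtualAddress(pi->curr_buffer) + pi->curr_mdl_offset, copy_size);
+        src_addr + pi->curr_mdl_offset, copy_size);
       pi->curr_mdl_offset = (USHORT)(pi->curr_mdl_offset + copy_size);
       pi->header_length += copy_size;
       bytes_remaining -= copy_size;
@@ -143,7 +147,7 @@ XenNet_ParsePacketHeader(packet_info_t *
       return PARSE_UNKNOWN_TYPE;
     }
     pi->ip4_header_length = (pi->header[XN_HDR_SIZE + 0] & 0x0F) << 2;
-    if (pi->header_length < (ULONG)(XN_HDR_SIZE + 20 + pi->ip4_header_length))
+    if (pi->header_length < (ULONG)(XN_HDR_SIZE + pi->ip4_header_length + 20))
     {
       if (!XenNet_BuildHeader(pi, (ULONG)(XN_HDR_SIZE + pi->ip4_header_length + 20)))
       {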
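Review bot: The copy into `pi->header + pi->header_length` in the first hunk is limited only by `bytes_remaining` and the bytes left in the MDL; nothing visible compares it with the capacity of `pi->header`, while the caller in the second hunk requests `XN_HDR_SIZE + pi->ip4_header_length + 20`, a length derived from the IHL nibble of the packet being parsed. If that bound is not enforced in the part of XenNet_BuildHeader that lies outside the hunk, add it before the memcpy, e.g. `if (copy_size > HEADER_CAPACITY - pi->header_length) return FALSE;` (HEADER_CAPACITY is a placeholder for however the size of `pi->header` is declared). The new mapping lines would also benefit from a comment such as `/* MmGetMdlVirtualAddress is only meaningful in the context that built the MDL; map into system space before copying */`, since that is presumably the crash this commit fixes and it explains the new FALSE return.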