win-pvdrivers

changeset 826:7e39c337e2c3

Fix up buffer corruption under W2K
author James Harper <james.harper@bendigoit.com.au>
date Tue Jan 11 20:59:52 2011 +1100 (2011-01-11)
parents 49ae3e852f20
children ef7a509365b5
files xennet/xennet_rx.c
line diff
     1.1 --- a/xennet/xennet_rx.c	Tue Jan 11 20:58:05 2011 +1100
     1.2 +++ b/xennet/xennet_rx.c	Tue Jan 11 20:59:52 2011 +1100
     1.3 @@ -214,10 +214,9 @@ XenNet_MakePacket(struct xennet_info *xi
     1.4    NdisAllocateBuffer(&status, &out_buffer, xi->rx_buffer_pool, header_va, pi->header_length);
     1.5    ASSERT(status == STATUS_SUCCESS);
     1.6    NdisChainBufferAtBack(packet, out_buffer);
     1.7 -  *(shared_buffer_t **)&packet->MiniportReservedEx[sizeof(LIST_ENTRY)] = header_buf;
     1.8 +  *(shared_buffer_t **)&packet->MiniportReservedEx[0] = header_buf;
     1.9    header_buf->next = pi->curr_pb;
    1.10  
    1.11 -
    1.12    // TODO: if there are only a few bytes left on the first buffer then add them to the header buffer too... maybe
    1.13  
    1.14    //KdPrint((__DRIVER_NAME "     split_required = %d\n", pi->split_required));
    1.15 @@ -504,7 +503,7 @@ XenNet_MakePackets(
    1.16          }
    1.17        }
    1.18      }
    1.19 -    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[0];
    1.20 +    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[sizeof(PVOID)];
    1.21      InsertTailList(rx_packet_list, entry);
    1.22      packet_count = 1;
    1.23      goto done;
    1.24 @@ -517,7 +516,7 @@ XenNet_MakePackets(
    1.25        packet_count = 0;
    1.26        goto done;
    1.27      }
    1.28 -    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[0];
    1.29 +    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[sizeof(PVOID)];
    1.30      InsertTailList(rx_packet_list, entry);
    1.31      packet_count = 1;
    1.32      goto done;
    1.33 @@ -555,7 +554,7 @@ XenNet_MakePackets(
    1.34          header_va[XN_HDR_SIZE + pi->ip4_header_length + 13] |= 8;
    1.35      }
    1.36      XenNet_SumPacketData(pi, packet, TRUE);
    1.37 -    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[0];
    1.38 +    entry = (PLIST_ENTRY)&packet->MiniportReservedEx[sizeof(PVOID)];
    1.39      InsertTailList(rx_packet_list, entry);
    1.40      packet_count++;
    1.41    }
    1.42 @@ -760,7 +759,7 @@ XenNet_RxBufferCheck(PKDPC dpc, PVOID co
    1.43    packet_count = 0;
    1.44    while (entry != &rx_packet_list)
    1.45    {
    1.46 -    PNDIS_PACKET packet = CONTAINING_RECORD(entry, NDIS_PACKET, MiniportReservedEx[0]);
    1.47 +    PNDIS_PACKET packet = CONTAINING_RECORD(entry, NDIS_PACKET, MiniportReservedEx[sizeof(PVOID)]);
    1.48      packets[packet_count++] = packet;
    1.49      entry = RemoveHeadList(&rx_packet_list);
    1.50      if (packet_count == MAXIMUM_PACKETS_PER_INDICATE || entry == &rx_packet_list)
    1.51 @@ -783,7 +782,7 @@ XenNet_ReturnPacket(
    1.52  {
    1.53    struct xennet_info *xi = MiniportAdapterContext;
    1.54    PNDIS_BUFFER buffer;
    1.55 -  shared_buffer_t *page_buf = *(shared_buffer_t **)&Packet->MiniportReservedEx[sizeof(LIST_ENTRY)];
    1.56 +  shared_buffer_t *page_buf = *(shared_buffer_t **)&Packet->MiniportReservedEx[0];
    1.57  
    1.58    //FUNCTION_ENTER();
    1.59  
    1.60 @@ -794,7 +793,9 @@ XenNet_ReturnPacket(
    1.61    NdisUnchainBufferAtFront(Packet, &buffer);
    1.62    while (buffer)
    1.63    {
    1.64 -    shared_buffer_t *next_buf = page_buf->next;
    1.65 +    shared_buffer_t *next_buf;
    1.66 +    ASSERT(page_buf);
    1.67 +    next_buf = page_buf->next;
    1.68      if (!page_buf->virtual)
    1.69      {
    1.70        /* this isn't actually a share_buffer, it is some memory allocated for the header - just free it */