Commit 1f4b1612 authored by Bhavesh Davda's avatar Bhavesh Davda Committed by David S. Miller

net-next: Fix an overflow bug in vmxnet3 Tx descriptor

Fix an overflow bug in vmxnet3 Tx descriptor

This patch fixes a bug where a 16K buffer on a Tx descriptor was overflowing
into the 'gen' bit in the descriptor thereby corrupting the descriptor and
stalling the transmit ring.
Signed-off-by: default avatarBhavesh Davda <bhavesh@vmware.com>
Signed-off-by: default avatarShreyas Bhatewara <sbhatewara@vmware.com>
Signed-off-by: default avatarMatthew Delco <delcoM@vmware.com>
Signed-off-by: default avatarRonghua Zhang <ronghua@vmware.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 690a1f20
......@@ -664,8 +664,13 @@ vmxnet3_map_pkt(struct sk_buff *skb, struct vmxnet3_tx_ctx *ctx,
while (len) {
u32 buf_size;
buf_size = len > VMXNET3_MAX_TX_BUF_SIZE ?
VMXNET3_MAX_TX_BUF_SIZE : len;
if (len < VMXNET3_MAX_TX_BUF_SIZE) {
buf_size = len;
dw2 |= len;
} else {
buf_size = VMXNET3_MAX_TX_BUF_SIZE;
/* spec says that for TxDesc.len, 0 == 2^14 */
}
tbi = tq->buf_info + tq->tx_ring.next2fill;
tbi->map_type = VMXNET3_MAP_SINGLE;
......@@ -673,13 +678,13 @@ vmxnet3_map_pkt(struct sk_buff *skb, struct vmxnet3_tx_ctx *ctx,
skb->data + buf_offset, buf_size,
PCI_DMA_TODEVICE);
tbi->len = buf_size; /* this automatically convert 2^14 to 0 */
tbi->len = buf_size;
gdesc = tq->tx_ring.base + tq->tx_ring.next2fill;
BUG_ON(gdesc->txd.gen == tq->tx_ring.gen);
gdesc->txd.addr = cpu_to_le64(tbi->dma_addr);
gdesc->dword[2] = cpu_to_le32(dw2 | buf_size);
gdesc->dword[2] = cpu_to_le32(dw2);
gdesc->dword[3] = 0;
dev_dbg(&adapter->netdev->dev,
......
......@@ -68,10 +68,10 @@
/*
* Version numbers
*/
#define VMXNET3_DRIVER_VERSION_STRING "1.0.13.0-k"
#define VMXNET3_DRIVER_VERSION_STRING "1.0.14.0-k"
/* a 32-bit int, each byte encode a verion number in VMXNET3_DRIVER_VERSION */
#define VMXNET3_DRIVER_VERSION_NUM 0x01000B00
#define VMXNET3_DRIVER_VERSION_NUM 0x01000E00
/*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment