xen-netback: handle page straddling in xenvif_set_hash_mapping()

There's no guarantee that the mapping array doesn't cross a page
boundary. Use a second grant copy operation if necessary.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/xen-netback/hash.c b/drivers/net/xen-netback/hash.c
index dc9841ea2fff663abaa739e2356fbdf45008829d..0ccb021f1e78687d7c7a9814a05369aafe7c6508 100644 (file)
--- a/drivers/net/xen-netback/hash.c
+++ b/drivers/net/xen-netback/hash.c
@@ -334,28 +334,39 @@ u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len,
                            u32 off)
 {
        u32 *mapping = vif->hash.mapping[!vif->hash.mapping_sel];
-       struct gnttab_copy copy_op = {
+       unsigned int nr = 1;
+       struct gnttab_copy copy_op[2] = {{
                .source.u.ref = gref,
                .source.domid = vif->domid,
                .dest.domid = DOMID_SELF,
                .len = len * sizeof(*mapping),
                .flags = GNTCOPY_source_gref
-       };
+       }};
 
        if ((off + len < off) || (off + len > vif->hash.size) ||
            len > XEN_PAGE_SIZE / sizeof(*mapping))
                return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
 
-       copy_op.dest.u.gmfn = virt_to_gfn(mapping + off);
-       copy_op.dest.offset = xen_offset_in_page(mapping + off);
+       copy_op[0].dest.u.gmfn = virt_to_gfn(mapping + off);
+       copy_op[0].dest.offset = xen_offset_in_page(mapping + off);
+       if (copy_op[0].dest.offset + copy_op[0].len > XEN_PAGE_SIZE) {
+               copy_op[1] = copy_op[0];
+               copy_op[1].source.offset = XEN_PAGE_SIZE - copy_op[0].dest.offset;
+               copy_op[1].dest.u.gmfn = virt_to_gfn(mapping + off + len);
+               copy_op[1].dest.offset = 0;
+               copy_op[1].len = copy_op[0].len - copy_op[1].source.offset;
+               copy_op[0].len = copy_op[1].source.offset;
+               nr = 2;
+       }
 
        memcpy(mapping, vif->hash.mapping[vif->hash.mapping_sel],
               vif->hash.size * sizeof(*mapping));
 
-       if (copy_op.len != 0) {
-               gnttab_batch_copy(&copy_op, 1);
+       if (copy_op[0].len != 0) {
+               gnttab_batch_copy(copy_op, nr);
 
-               if (copy_op.status != GNTST_okay)
+               if (copy_op[0].status != GNTST_okay ||
+                   copy_op[nr - 1].status != GNTST_okay)
                        return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
        }