From: Jason Wang Date: Sun, 15 Feb 2015 08:35:17 +0000 (+0800) Subject: vhost_net: fix wrong iter offset when setting number of buffers X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0960b6417e9ed8e4b4aa3c54e257324a9352f40b;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git vhost_net: fix wrong iter offset when setting number of buffers In commit ba7438aed924 ("vhost: don't bother copying iovecs in handle_rx(), kill memcpy_toiovecend()"), we advance iov iter fixup sizeof(struct virtio_net_hdr) bytes and fill the number of buffers after doing the socket recvmsg(). This work well but was broken after commit 6e03f896b52c ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net") which tries to advance sizeof(struct virtio_net_hdr_mrg_rxbuf). It will fill the number of buffers at the wrong place. This patch fixes this. Fixes 6e03f896b52c ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net") Cc: David S. Miller Cc: Al Viro Cc: Michael S. Tsirkin Signed-off-by: Jason Wang Signed-off-by: David S. Miller --- diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 8dccca9013ed..afa06d28725d 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -528,9 +528,9 @@ static void handle_rx(struct vhost_net *net) .msg_controllen = 0, .msg_flags = MSG_DONTWAIT, }; - struct virtio_net_hdr_mrg_rxbuf hdr = { - .hdr.flags = 0, - .hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE + struct virtio_net_hdr hdr = { + .flags = 0, + .gso_type = VIRTIO_NET_HDR_GSO_NONE }; size_t total_len = 0; int err, mergeable; @@ -539,6 +539,7 @@ static void handle_rx(struct vhost_net *net) size_t vhost_len, sock_len; struct socket *sock; struct iov_iter fixup; + __virtio16 num_buffers; mutex_lock(&vq->mutex); sock = vq->private_data; @@ -616,9 +617,9 @@ static void handle_rx(struct vhost_net *net) } /* TODO: Should check and handle checksum. */ - hdr.num_buffers = cpu_to_vhost16(vq, headcount); + num_buffers = cpu_to_vhost16(vq, headcount); if (likely(mergeable) && - copy_to_iter(&hdr.num_buffers, 2, &fixup) != 2) { + copy_to_iter(&num_buffers, 2, &fixup) != 2) { vq_err(vq, "Failed num_buffers write"); vhost_discard_vq_desc(vq, headcount); break;