From 8ef562d112c82ec539775698f8b63ac5ec1bd766 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Thu, 30 Jul 2009 16:03:43 -0600
Subject: [PATCH] lguest: fix descriptor corruption in example launcher

1d589bb16b825b3a7b4edd34d997f1f1f953033d "Add serial number support for virtio_blk, V4a" extended 'struct virtio_blk_config' to 536 bytes. Lguest and S/390 both use an 8 bit value for the feature length, and this change broke them (if the code is naive).

Signed-off-by: Rusty Russell
Cc: John Cooper
Cc: Christian Borntraeger
---
 Documentation/lguest/lguest.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Documentation/lguest/lguest.c b/Documentation/lguest/lguest.c
index 9ebcd6ef361..45d7d6dcae7 100644
--- a/Documentation/lguest/lguest.c
+++ b/Documentation/lguest/lguest.c
@@ -1105,6 +1105,9 @@ static void set_config(struct device *dev, unsigned len, const void *conf)
 /* Copy in the config information, and store the length. */
 memcpy(device_config(dev), conf, len);
 dev->desc->config_len = len;
+
+ /* Size must fit in config_len field (8 bits)! */
+ assert(dev->desc->config_len == len);
 }
 /* This routine does all the creation and setup of a new device, including
@@ -1515,7 +1518,8 @@ static void setup_block_file(const char *filename)
 add_feature(dev, VIRTIO_BLK_F_SEG_MAX);
 conf.seg_max = cpu_to_le32(VIRTQUEUE_NUM - 2);
- set_config(dev, sizeof(conf), &conf);
+ /* Don't try to put whole struct: we have 8 bit limit. */
+ set_config(dev, offsetof(struct virtio_blk_config, geometry), &conf);
 verbose("device %u: virtblock %llu sectors\n", ++devices.device_num, le64_to_cpu(conf.capacity));
--
2.32.0.93.g670b81a890
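Review bot: The added `assert(dev->desc->config_len == len);` in set_config() fires only after the `memcpy` and the truncating store into `config_len` have already happened. It also compiles away if the launcher is ever built with NDEBUG, in which case an oversized config would again be published to the guest with a wrong length. The length should be rejected before anything is written, and unconditionally, for example `if (len > 0xff) errx(1, "Config too large for 8-bit config_len");` placed ahead of the `memcpy`, using whatever fatal-error helper the file already relies on (`errx` assumes `<err.h>` is included; confirm). set_config's body starts above the hunk, so any earlier bounds check on `len` is not visible here.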
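Review bot: The cut-off at `offsetof(struct virtio_blk_config, geometry)` in setup_block_file() creates an unstated contract: every config field at or after `geometry` is no longer copied for the guest, and nothing near the `add_feature()` calls says so. A feature bit added later whose field lies past that offset would be advertised with no backing config bytes, and the guest would presumably read whatever follows in the descriptor area. The comment should spell out the constraint, along the lines of `/* Config is truncated before 'geometry' (8-bit config_len): only advertise features whose fields precede it. */`. setup_block_file continues on both sides of the hunk, so the other features it advertises are not visible here.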