]> Zhao Yanbai Git Server - minix.git/commitdiff
inet: a little more resilience against misbehaving drivers
authorDavid van Moolenbroek <david@minix3.org>
Wed, 21 Jul 2010 13:47:50 +0000 (13:47 +0000)
committerDavid van Moolenbroek <david@minix3.org>
Wed, 21 Jul 2010 13:47:50 +0000 (13:47 +0000)
servers/inet/mnx_eth.c

index fed315dbb7b1a3248fa969165a833fe62e8d169b..18bf6b152ae526970029b096413e3ecbea798e5f 100644 (file)
@@ -596,11 +596,38 @@ PRIVATE void read_int(eth_port, count)
 eth_port_t *eth_port;
 int count;
 {
-       acc_t *pack, *cut_pack;
+       acc_t *pack, *pack_ptr, *cut_pack;
+       iovec_s_t *iovec;
+       int i, r;
+
+       /* A buggy driver might try to feed us a reply for a request we never
+        * sent. Don't let this cause a crash further up.
+        */
+       if (!(eth_port->etp_flags & EPF_READ_IP))
+       {
+               printf("mnx_eth`read_int: read reply with no read going on\n");
+               return;
+       }
 
        pack= eth_port->etp_rd_pack;
        eth_port->etp_rd_pack= NULL;
 
+       /* Invalidate the grants first, so that the ethernet driver can no
+        * longer modify the contents of the packet.
+        */
+       iovec= eth_port->etp_osdep.etp_rd_iovec;
+       for (i=0, pack_ptr= pack; i<RD_IOVEC && pack_ptr;
+               i++, pack_ptr= pack_ptr->acc_next)
+       {
+               r= cpf_setgrant_disable(iovec[i].iov_grant);
+               if (r != 0)
+               {
+                       ip_panic((
+                       "mnx_eth`read_int: cpf_setgrant_disable failed: %d\n",
+                               errno));
+               }
+       }
+
        if (count < ETH_MIN_PACK_SIZE)
        {
                printf("mnx_eth`read_int: packet size too small (%d)\n",