RDS: fix congestion map corruption for PAGE_SIZE > 4k
author: shamir rabinovitch <shamir.rabinovitch@oracle.com>
Thu, 7 Apr 2016 11:57:36 +0000 (07:57 -0400)
committer: David S. Miller <davem@davemloft.net>
Thu, 7 Apr 2016 20:58:28 +0000 (16:58 -0400)

When PAGE_SIZE > 4k, a single page can contain 2 RDS fragments. If
'rds_ib_cong_recv' ignores the RDS fragment offset into the page, it
then reads the data fragment as a far congestion map update, leading to
corruption of the RDS connection's far congestion map.

Signed-off-by: Shamir Rabinovitch <shamir.rabinovitch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/rds/ib_recv.c

index 977fb86065b75dbef916bd0acb9b94876c0f5c04..abc8cc805e8d063813d496d984e95a0c078ca0d3 100644 (file)
@@ -796,7 +796,7 @@ static void rds_ib_cong_recv(struct rds_connection *conn,
 
                addr = kmap_atomic(sg_page(&frag->f_sg));
 
-               src = addr + frag_off;
+               src = addr + frag->f_sg.offset + frag_off;
                dst = (void *)map->m_page_addrs[map_page] + map_off;
                for (k = 0; k < to_copy; k += 8) {
                        /* Record ports that became uncongested, ie
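Review bot: The new `src` assignment starts the read at `frag->f_sg.offset` inside the page returned by `kmap_atomic()`, but the bound on `to_copy` is computed outside this hunk, so the patch as shown does not let a reader confirm that the 8-byte copy loop stays inside the fragment. Please state in the description that `to_copy` is limited by the fragment size rather than by the space remaining in the page; with a non-zero offset a page-relative limit would let the loop read into the neighbouring fragment or past the end of the mapping. A one-line comment above the assignment noting that a page can hold more than one fragment when PAGE_SIZE > 4k would keep the offset from being dropped again, and a Fixes: tag naming the commit that introduced the bare `addr + frag_off` would help stable backports.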