diff options
Diffstat (limited to 'open-vm-tools/modules/linux/vmci/common/vmciDatagram.c')
| -rw-r--r-- | open-vm-tools/modules/linux/vmci/common/vmciDatagram.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/open-vm-tools/modules/linux/vmci/common/vmciDatagram.c b/open-vm-tools/modules/linux/vmci/common/vmciDatagram.c index 2f17a182..7fd7674a 100644 --- a/open-vm-tools/modules/linux/vmci/common/vmciDatagram.c +++ b/open-vm-tools/modules/linux/vmci/common/vmciDatagram.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2006-2011 VMware, Inc. All rights reserved. + * Copyright (C) 2006-2011,2014 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -622,7 +622,7 @@ VMCIDatagramDispatchAsHost(VMCIId contextID, // IN: VMCI_CanScheduleDelayedWork())) { VMCIDelayedDatagramInfo *dgInfo; - if (Atomic_FetchAndAdd(&delayedDGHostQueueSize, 1) == + if (Atomic_ReadInc32(&delayedDGHostQueueSize) == VMCI_MAX_DELAYED_DG_HOST_QUEUE_SIZE) { Atomic_Dec(&delayedDGHostQueueSize); VMCIResource_Release(resource); @@ -692,7 +692,7 @@ VMCIDatagramDispatchAsHost(VMCIId contextID, // IN: return VMCI_ERROR_NO_MEM; } memcpy(newDG, dg, dgSize); - retval = VMCIContext_EnqueueDatagram(dg->dst.context, newDG); + retval = VMCIContext_EnqueueDatagram(dg->dst.context, newDG, TRUE); if (retval < VMCI_SUCCESS) { VMCI_FreeKernelMem(newDG, dgSize); VMCI_DEBUG_LOG(4, (LGPFX"Enqueue failed\n")); @@ -844,6 +844,12 @@ VMCIDatagram_InvokeGuestHandler(VMCIDatagram *dg) // IN ASSERT(dg); + if (dg->payloadSize > VMCI_MAX_DG_PAYLOAD_SIZE) { + VMCI_DEBUG_LOG(4, (LGPFX"Payload (size=%"FMT64"u bytes) too large to " + "deliver.\n", dg->payloadSize)); + return VMCI_ERROR_PAYLOAD_TOO_LARGE; + } + resource = VMCIResource_Get(dg->dst, VMCI_RESOURCE_TYPE_DATAGRAM); if (NULL == resource) { VMCI_DEBUG_LOG(4, (LGPFX"destination (handle=0x%x:0x%x) doesn't exist.\n", |