[zen-stable.git] / drivers / net / hyperv / rndis_filter.c
1 /*
2 * Copyright (c) 2009, Microsoft Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
15 * Place - Suite 330, Boston, MA 02111-1307 USA.
17 * Authors:
18 * Haiyang Zhang <haiyangz@microsoft.com>
19 * Hank Janssen <hjanssen@microsoft.com>
21 #include <linux/kernel.h>
22 #include <linux/sched.h>
23 #include <linux/wait.h>
24 #include <linux/highmem.h>
25 #include <linux/slab.h>
26 #include <linux/io.h>
27 #include <linux/if_ether.h>
28 #include <linux/netdevice.h>
30 #include "hyperv_net.h"
/*
 * One outstanding RNDIS control request, bundled with the storage for its
 * reply and for the netvsc packet that carries it to the host.
 */
struct rndis_request {
	struct list_head list_ent;	/* linkage on the device's req_list */
	struct completion wait_event;	/* completed when a response is stored */

	/*
	 * FIXME: the response is assumed to fit one fixed-size rndis_message.
	 * Handling a larger response would need either a defined maximum
	 * response message or a response buffer placed ahead of this field.
	 */
	struct rndis_message response_msg;

	/* The netvsc packet is embedded so one allocation covers everything. */
	struct hv_netvsc_packet pkt;
	struct hv_page_buffer buf;

	/* FIXME: the request is likewise assumed to be fixed size. */
	struct rndis_message request_msg;
};
51 static void rndis_filter_send_completion(void *ctx);
53 static void rndis_filter_send_request_completion(void *ctx);
/*
 * Allocate a zeroed rndis_device and prepare its request lock, its empty
 * request list and its initial RNDIS_DEV_UNINITIALIZED state.
 *
 * Returns the new device, or NULL when the allocation fails.  The callers
 * in this file release it with kfree().
 */
static struct rndis_device *get_rndis_device(void)
{
	struct rndis_device *rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);

	if (rdev == NULL)
		return NULL;

	rdev->state = RNDIS_DEV_UNINITIALIZED;
	INIT_LIST_HEAD(&rdev->req_list);
	spin_lock_init(&rdev->request_lock);

	return rdev;
}
/*
 * Allocate a control request, fill in the RNDIS header, assign a fresh
 * request id and queue the request on dev->req_list so that the response
 * path can match a completion to it.
 *
 * @dev:      device the request belongs to
 * @msg_type: value stored in the header's ndis_msg_type
 * @msg_len:  value stored in the header's msg_len
 *
 * Returns the queued request, or NULL when the allocation fails.  Release
 * it with put_rndis_request().
 *
 * NOTE(review): msg_len is stored as given and is not compared with the
 * size of request_msg; the callers in this file pass RNDIS_MESSAGE_SIZE()
 * based values.
 */
static struct rndis_request *get_rndis_request(struct rndis_device *dev,
					       u32 msg_type,
					       u32 msg_len)
{
	struct rndis_request *req;
	struct rndis_message *hdr;
	unsigned long irq_flags;

	req = kzalloc(sizeof(*req), GFP_KERNEL);
	if (req == NULL)
		return NULL;

	init_completion(&req->wait_event);

	hdr = &req->request_msg;
	hdr->ndis_msg_type = msg_type;
	hdr->msg_len = msg_len;

	/*
	 * The request id always follows the rndis header in request and
	 * response messages, so the set-request layout serves as a template
	 * for writing it regardless of the actual message type.
	 */
	hdr->msg.set_req.req_id = atomic_inc_return(&dev->new_req_id);

	/* Make the request visible to the response handler. */
	spin_lock_irqsave(&dev->request_lock, irq_flags);
	list_add_tail(&req->list_ent, &dev->req_list);
	spin_unlock_irqrestore(&dev->request_lock, irq_flags);

	return req;
}
/*
 * Unlink a request from dev->req_list under the request lock and free it.
 *
 * The request embeds the netvsc packet used to send it, so it must not be
 * released while that packet can still be referenced.
 */
static void put_rndis_request(struct rndis_device *dev,
			      struct rndis_request *req)
{
	unsigned long irq_flags;

	spin_lock_irqsave(&dev->request_lock, irq_flags);
	list_del(&req->list_ent);
	spin_unlock_irqrestore(&dev->request_lock, irq_flags);

	kfree(req);
}
/*
 * Emit a debug-level log line describing an RNDIS message.
 *
 * The fields printed depend on ndis_msg_type; unknown types are logged with
 * their type and length only.  The values are printed as found in the
 * message and are not validated here.
 */
static void dump_rndis_message(struct hv_device *hv_dev,
			       struct rndis_message *rndis_msg)
{
	struct netvsc_device *nvdev = hv_get_drvdata(hv_dev);
	struct net_device *netdev = nvdev->ndev;

	switch (rndis_msg->ndis_msg_type) {
	case REMOTE_NDIS_PACKET_MSG: {
		struct rndis_packet *p = &rndis_msg->msg.pkt;

		netdev_dbg(netdev, "REMOTE_NDIS_PACKET_MSG (len %u, "
			   "data offset %u data len %u, # oob %u, "
			   "oob offset %u, oob len %u, pkt offset %u, "
			   "pkt len %u\n",
			   rndis_msg->msg_len,
			   p->data_offset,
			   p->data_len,
			   p->num_oob_data_elements,
			   p->oob_data_offset,
			   p->oob_data_len,
			   p->per_pkt_info_offset,
			   p->per_pkt_info_len);
		break;
	}

	case REMOTE_NDIS_INITIALIZE_CMPLT: {
		struct rndis_initialize_complete *ic =
			&rndis_msg->msg.init_complete;

		netdev_dbg(netdev, "REMOTE_NDIS_INITIALIZE_CMPLT "
			   "(len %u, id 0x%x, status 0x%x, major %d, minor %d, "
			   "device flags %d, max xfer size 0x%x, max pkts %u, "
			   "pkt aligned %u)\n",
			   rndis_msg->msg_len,
			   ic->req_id,
			   ic->status,
			   ic->major_ver,
			   ic->minor_ver,
			   ic->dev_flags,
			   ic->max_xfer_size,
			   ic->max_pkt_per_msg,
			   ic->pkt_alignment_factor);
		break;
	}

	case REMOTE_NDIS_QUERY_CMPLT: {
		struct rndis_query_complete *qc =
			&rndis_msg->msg.query_complete;

		netdev_dbg(netdev, "REMOTE_NDIS_QUERY_CMPLT "
			   "(len %u, id 0x%x, status 0x%x, buf len %u, "
			   "buf offset %u)\n",
			   rndis_msg->msg_len,
			   qc->req_id,
			   qc->status,
			   qc->info_buflen,
			   qc->info_buf_offset);
		break;
	}

	case REMOTE_NDIS_SET_CMPLT: {
		struct rndis_set_complete *sc = &rndis_msg->msg.set_complete;

		netdev_dbg(netdev,
			   "REMOTE_NDIS_SET_CMPLT (len %u, id 0x%x, status 0x%x)\n",
			   rndis_msg->msg_len,
			   sc->req_id,
			   sc->status);
		break;
	}

	case REMOTE_NDIS_INDICATE_STATUS_MSG: {
		struct rndis_indicate_status *is =
			&rndis_msg->msg.indicate_status;

		netdev_dbg(netdev, "REMOTE_NDIS_INDICATE_STATUS_MSG "
			   "(len %u, status 0x%x, buf len %u, buf offset %u)\n",
			   rndis_msg->msg_len,
			   is->status,
			   is->status_buflen,
			   is->status_buf_offset);
		break;
	}

	default:
		netdev_dbg(netdev, "0x%x (len %u)\n",
			   rndis_msg->ndis_msg_type,
			   rndis_msg->msg_len);
		break;
	}
}
/*
 * Hand a prepared control request to netvsc for transmission.
 *
 * The packet embedded in the request is set up as a non-data packet with a
 * single page buffer describing req->request_msg, and the request itself is
 * registered as the send-completion context.
 *
 * Returns whatever netvsc_send() returns.
 *
 * NOTE(review): only page_buf[0] is filled in, so the message is described
 * as lying within one page; nothing here handles a request_msg that crosses
 * a page boundary.
 */
static int rndis_filter_send_request(struct rndis_device *dev,
				     struct rndis_request *req)
{
	struct hv_netvsc_packet *pkt = &req->pkt;
	struct rndis_message *msg = &req->request_msg;

	pkt->is_data_pkt = false;
	pkt->total_data_buflen = msg->msg_len;
	pkt->page_buf_cnt = 1;

	/* Describe the request message by page frame, offset and length. */
	pkt->page_buf[0].pfn = virt_to_phys(msg) >> PAGE_SHIFT;
	pkt->page_buf[0].len = msg->msg_len;
	pkt->page_buf[0].offset = (unsigned long)msg & (PAGE_SIZE - 1);

	pkt->completion.send.send_completion_ctx = req;
	pkt->completion.send.send_completion =
		rndis_filter_send_request_completion;
	pkt->completion.send.send_completion_tid = (unsigned long)dev;

	return netvsc_send(dev->net_dev->dev, pkt);
}
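/*
 * Match a completion message to its pending request and wake the waiter.
 *
 * The pending list is searched for a request whose id equals the one in the
 * response.  When found, the response is copied into request->response_msg
 * if it fits; otherwise only a STATUS_BUFFER_OVERFLOW status is recorded.
 * In both cases the request's completion is signalled.  A response with no
 * matching request is logged and dropped.
 *
 * NOTE(review): the request pointer is used after request_lock has been
 * released; this relies on the request not being freed concurrently
 * (e.g. by a waiter that timed out) - confirm against the callers.
 */
static void rndis_filter_receive_response(struct rndis_device *dev,
					  struct rndis_message *resp)
{
	struct rndis_request *request = NULL;
	bool found = false;
	unsigned long flags;
	struct net_device *ndev;

	ndev = dev->net_dev->ndev;

	spin_lock_irqsave(&dev->request_lock, flags);
	list_for_each_entry(request, &dev->req_list, list_ent) {
		/*
		 * All request/response messages carry the request id as
		 * their first field, so the init layouts work for any type.
		 */
		if (request->request_msg.msg.init_req.req_id
		    == resp->msg.init_complete.req_id) {
			found = true;
			break;
		}
	}
	spin_unlock_irqrestore(&dev->request_lock, flags);

	if (!found) {
		netdev_err(ndev,
			"no rndis request found for this response "
			"(id 0x%x res type 0x%x)\n",
			resp->msg.init_complete.req_id,
			resp->ndis_msg_type);
		return;
	}

	/* msg_len comes from the message itself: bound it before copying. */
	if (resp->msg_len <= sizeof(request->response_msg)) {
		memcpy(&request->response_msg, resp, resp->msg_len);
	} else {
		/*
		 * Report the limit that was actually enforced above (the
		 * size of response_msg) rather than the size of an unrelated
		 * structure.
		 */
		netdev_err(ndev,
			"rndis response buffer overflow "
			"detected (size %u max %zu)\n",
			resp->msg_len,
			sizeof(request->response_msg));

		if (resp->ndis_msg_type == REMOTE_NDIS_RESET_CMPLT) {
			/* does not have a request id field */
			request->response_msg.msg.reset_complete.status =
				STATUS_BUFFER_OVERFLOW;
		} else {
			request->response_msg.msg.init_complete.status =
				STATUS_BUFFER_OVERFLOW;
		}
	}

	complete(&request->wait_event);
}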
/*
 * Translate an RNDIS status indication into a link-state callback.
 *
 * Media connect reports the link as up (1), media disconnect as down (0).
 * Every other status value is currently ignored.
 */
static void rndis_filter_receive_indicate_status(struct rndis_device *dev,
						 struct rndis_message *resp)
{
	struct rndis_indicate_status *ind = &resp->msg.indicate_status;

	switch (ind->status) {
	case RNDIS_STATUS_MEDIA_CONNECT:
		netvsc_linkstatus_callback(dev->net_dev->dev, 1);
		break;
	case RNDIS_STATUS_MEDIA_DISCONNECT:
		netvsc_linkstatus_callback(dev->net_dev->dev, 0);
		break;
	default:
		/*
		 * TODO:
		 */
		break;
	}
}
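/*
 * Strip the RNDIS framing from a data message and pass the payload up.
 *
 * @dev: rndis device the message arrived on
 * @msg: local copy of the RNDIS message header
 * @pkt: netvsc packet holding the received bytes; its data pointer and
 *       total_data_buflen are adjusted to describe only the payload
 *
 * data_offset and data_len are taken from the message, so both are checked
 * against the number of bytes received before they are used.  A message
 * that fails either check is logged and dropped.
 */
static void rndis_filter_receive_data(struct rndis_device *dev,
				      struct rndis_message *msg,
				      struct hv_netvsc_packet *pkt)
{
	struct rndis_packet *rndis_pkt;
	u32 data_offset;

	rndis_pkt = &msg->msg.pkt;

	/*
	 * FIXME: Handle multiple rndis pkt msgs that maybe enclosed in this
	 * netvsc packet (ie TotalDataBufferLength != MessageLength)
	 */

	/* Remove the rndis header and pass it back up the stack */
	data_offset = RNDIS_HEADER_SIZE + rndis_pkt->data_offset;

	/*
	 * Reject an offset that wrapped during the addition or that points
	 * past the received bytes.  Without this check the subtraction
	 * below would wrap around to a huge length, the data_len check
	 * would then pass, and pkt->data would be advanced beyond the
	 * buffer.
	 */
	if (data_offset < rndis_pkt->data_offset ||
	    data_offset > pkt->total_data_buflen) {
		netdev_err(dev->net_dev->ndev, "rndis message data offset "
			   "out of range (offset %u, buffer %u)"
			   "...dropping this message!\n",
			   data_offset, pkt->total_data_buflen);
		return;
	}

	pkt->total_data_buflen -= data_offset;

	/*
	 * Make sure we got a valid RNDIS message, now total_data_buflen
	 * should be the data packet size plus the trailer padding size
	 */
	if (pkt->total_data_buflen < rndis_pkt->data_len) {
		netdev_err(dev->net_dev->ndev, "rndis message buffer "
			   "overflow detected (got %u, min %u)"
			   "...dropping this message!\n",
			   pkt->total_data_buflen, rndis_pkt->data_len);
		return;
	}

	/*
	 * Remove the rndis trailer padding from rndis packet message
	 * rndis_pkt->data_len tell us the real data length, we only copy
	 * the data packet to the stack, without the rndis trailer padding
	 */
	pkt->total_data_buflen = rndis_pkt->data_len;
	pkt->data = (void *)((unsigned long)pkt->data + data_offset);

	pkt->is_data_pkt = true;

	netvsc_recv_callback(dev->net_dev->dev, pkt);
}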
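/*
 * Entry point for RNDIS messages received from netvsc.
 *
 * The message header is copied into a local rndis_message and dispatched by
 * type: data packets, request completions and status indications each have
 * their own handler; any other type is logged.
 *
 * Returns 0 once the message has been dispatched, -EINVAL when there is no
 * netvsc device or the packet is too short to hold an RNDIS header, and
 * -ENODEV when the rndis device is missing or still uninitialized.
 */
int rndis_filter_receive(struct hv_device *dev,
			 struct hv_netvsc_packet *pkt)
{
	struct netvsc_device *net_dev = hv_get_drvdata(dev);
	struct rndis_device *rndis_dev;
	struct rndis_message rndis_msg;
	struct rndis_message *rndis_hdr;
	struct net_device *ndev;
	u32 msg_len;
	u32 copy_len;

	if (!net_dev)
		return -EINVAL;

	ndev = net_dev->ndev;

	/* Make sure the rndis device state is initialized */
	if (!net_dev->extension) {
		netdev_err(ndev, "got rndis message but no rndis device - "
			   "dropping this message!\n");
		return -ENODEV;
	}

	rndis_dev = (struct rndis_device *)net_dev->extension;
	if (rndis_dev->state == RNDIS_DEV_UNINITIALIZED) {
		netdev_err(ndev, "got rndis message but rndis device "
			   "uninitialized...dropping this message!\n");
		return -ENODEV;
	}

	/*
	 * The type and length fields are read straight from the received
	 * bytes, so the packet must at least contain them.
	 * NOTE(review): this treats total_data_buflen as the number of
	 * bytes available at pkt->data, as rndis_filter_receive_data() does.
	 */
	if (pkt->total_data_buflen < RNDIS_HEADER_SIZE) {
		netdev_err(ndev, "rndis message shorter than its header "
			   "(got %u, min %u)...dropping this message!\n",
			   pkt->total_data_buflen, (u32)RNDIS_HEADER_SIZE);
		return -EINVAL;
	}

	rndis_hdr = pkt->data;

	/* Read the length once so the check and the copy use one value. */
	msg_len = rndis_hdr->msg_len;

	/* Make sure we got a valid rndis message */
	if ((rndis_hdr->ndis_msg_type != REMOTE_NDIS_PACKET_MSG) &&
	    (msg_len > sizeof(struct rndis_message))) {
		netdev_err(ndev, "incoming rndis message buffer overflow "
			   "detected (got %u, max %zu)..marking it an error!\n",
			   msg_len,
			   sizeof(struct rndis_message));
	}

	/*
	 * Copy no more than the local structure holds and no more than was
	 * actually received, and zero the structure first so that a short
	 * message never leaves stale stack bytes in fields that are logged
	 * or dispatched on below.
	 */
	copy_len = min_t(u32, msg_len, sizeof(struct rndis_message));
	copy_len = min_t(u32, copy_len, pkt->total_data_buflen);
	memset(&rndis_msg, 0, sizeof(rndis_msg));
	memcpy(&rndis_msg, rndis_hdr, copy_len);

	dump_rndis_message(dev, &rndis_msg);

	switch (rndis_msg.ndis_msg_type) {
	case REMOTE_NDIS_PACKET_MSG:
		/* data msg */
		rndis_filter_receive_data(rndis_dev, &rndis_msg, pkt);
		break;

	case REMOTE_NDIS_INITIALIZE_CMPLT:
	case REMOTE_NDIS_QUERY_CMPLT:
	case REMOTE_NDIS_SET_CMPLT:
		/* completion msgs */
		rndis_filter_receive_response(rndis_dev, &rndis_msg);
		break;

	case REMOTE_NDIS_INDICATE_STATUS_MSG:
		/* notification msgs */
		rndis_filter_receive_indicate_status(rndis_dev, &rndis_msg);
		break;
	default:
		netdev_err(ndev,
			"unhandled rndis message (type %u len %u)\n",
			   rndis_msg.ndis_msg_type,
			   rndis_msg.msg_len);
		break;
	}

	return 0;
}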
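/*
 * Send an RNDIS query for @oid and copy the returned information buffer.
 *
 * @dev:         device to query
 * @oid:         object identifier placed in the query
 * @result:      caller buffer that receives the information bytes
 * @result_size: in: capacity of @result; out: number of bytes copied
 *               (set to 0 on every failure)
 *
 * Returns 0 on success, -EINVAL for a NULL argument or a response whose
 * information buffer lies outside the stored response, -ENOMEM when the
 * request cannot be allocated, -ETIMEDOUT when no response arrives within
 * five seconds, -1 when the response is larger than @result, or the error
 * from rndis_filter_send_request().
 *
 * NOTE(review): the status field of the completion is not examined, so a
 * response that carries an error status with an empty information buffer
 * is reported as success with *result_size == 0.
 * NOTE(review): on timeout the request is freed although its embedded
 * packet was handed to netvsc_send(); confirm it can no longer be
 * referenced at that point.
 */
static int rndis_filter_query_device(struct rndis_device *dev, u32 oid,
				  void *result, u32 *result_size)
{
	struct rndis_request *request;
	struct rndis_query_request *query;
	struct rndis_query_complete *query_complete;
	u32 inresult_size;
	size_t avail;
	int ret = 0;
	int t;

	/* Validate both pointers before either one is dereferenced. */
	if (!result || !result_size)
		return -EINVAL;

	inresult_size = *result_size;
	*result_size = 0;

	request = get_rndis_request(dev, REMOTE_NDIS_QUERY_MSG,
			RNDIS_MESSAGE_SIZE(struct rndis_query_request));
	if (!request) {
		ret = -ENOMEM;
		goto cleanup;
	}

	/* Setup the rndis query */
	query = &request->request_msg.msg.query_req;
	query->oid = oid;
	query->info_buf_offset = sizeof(struct rndis_query_request);
	query->info_buflen = 0;
	query->dev_vc_handle = 0;

	ret = rndis_filter_send_request(dev, request);
	if (ret != 0)
		goto cleanup;

	t = wait_for_completion_timeout(&request->wait_event, 5*HZ);
	if (t == 0) {
		ret = -ETIMEDOUT;
		goto cleanup;
	}

	/* Copy the response back */
	query_complete = &request->response_msg.msg.query_complete;

	if (query_complete->info_buflen > inresult_size) {
		ret = -1;
		goto cleanup;
	}

	/*
	 * info_buf_offset and info_buflen come from the response.  Make sure
	 * the region they describe lies inside the stored response_msg
	 * before reading from it; otherwise the copy below would read
	 * memory beyond the request.
	 */
	avail = sizeof(request->response_msg) -
		((unsigned long)query_complete -
		 (unsigned long)&request->response_msg);
	if (query_complete->info_buf_offset > avail ||
	    query_complete->info_buflen >
	    avail - query_complete->info_buf_offset) {
		ret = -EINVAL;
		goto cleanup;
	}

	memcpy(result,
	       (void *)((unsigned long)query_complete +
			 query_complete->info_buf_offset),
	       query_complete->info_buflen);

	*result_size = query_complete->info_buflen;

cleanup:
	if (request)
		put_rndis_request(dev, request);

	return ret;
}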
/*
 * Query the permanent 802.3 address and store it in dev->hw_mac_adr.
 *
 * The query is limited to ETH_ALEN bytes.  Returns the result of
 * rndis_filter_query_device().
 */
static int rndis_filter_query_device_mac(struct rndis_device *dev)
{
	u32 mac_len = ETH_ALEN;
	int rc;

	rc = rndis_filter_query_device(dev,
				       RNDIS_OID_802_3_PERMANENT_ADDRESS,
				       dev->hw_mac_adr, &mac_len);
	return rc;
}
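/*
 * Query the media connect status and record it in dev->link_state.
 *
 * link_state becomes true when the reported status is non-zero.  It is only
 * updated when the query succeeds, so a failed query no longer derives the
 * link state from an uninitialized stack variable.
 *
 * Returns the result of rndis_filter_query_device().
 */
static int rndis_filter_query_device_link_status(struct rndis_device *dev)
{
	u32 size = sizeof(u32);
	/* Zeroed so a reply shorter than four bytes leaves no stale bytes. */
	u32 link_status = 0;
	int ret;

	ret = rndis_filter_query_device(dev,
				      RNDIS_OID_GEN_MEDIA_CONNECT_STATUS,
				      &link_status, &size);
	if (ret == 0)
		dev->link_state = (link_status != 0) ? true : false;

	return ret;
}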
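/*
 * Set the device's current packet filter to @new_filter.
 *
 * Builds an RNDIS set request for RNDIS_OID_GEN_CURRENT_PACKET_FILTER with
 * the 32-bit filter value placed directly after the set-request structure,
 * sends it and waits up to five seconds for the completion.
 *
 * Returns 0 when a completion was received, -ENOMEM when the request cannot
 * be allocated, -ETIMEDOUT when no completion arrives in time (previously
 * this path returned 0, so callers treated a timeout as success), or the
 * error from rndis_filter_send_request().
 *
 * NOTE(review): the status carried by the completion is read but not acted
 * upon; a completion with a failure status still yields 0.
 */
int rndis_filter_set_packet_filter(struct rndis_device *dev, u32 new_filter)
{
	struct rndis_request *request;
	struct rndis_set_request *set;
	struct rndis_set_complete *set_complete;
	u32 status;
	int ret, t;
	struct net_device *ndev;

	ndev = dev->net_dev->ndev;

	request = get_rndis_request(dev, REMOTE_NDIS_SET_MSG,
			RNDIS_MESSAGE_SIZE(struct rndis_set_request) +
			sizeof(u32));
	if (!request) {
		ret = -ENOMEM;
		goto cleanup;
	}

	/* Setup the rndis set */
	set = &request->request_msg.msg.set_req;
	set->oid = RNDIS_OID_GEN_CURRENT_PACKET_FILTER;
	set->info_buflen = sizeof(u32);
	set->info_buf_offset = sizeof(struct rndis_set_request);

	/* The filter value follows the set-request structure. */
	memcpy((void *)(unsigned long)set + sizeof(struct rndis_set_request),
	       &new_filter, sizeof(u32));

	ret = rndis_filter_send_request(dev, request);
	if (ret != 0)
		goto cleanup;

	t = wait_for_completion_timeout(&request->wait_event, 5*HZ);

	if (t == 0) {
		netdev_err(ndev,
			"timeout before we got a set response...\n");
		/* Report the timeout instead of the send's success code. */
		ret = -ETIMEDOUT;
		/*
		 * We can't deallocate the request since we may still receive a
		 * send completion for it.
		 */
		goto exit;
	} else {
		set_complete = &request->response_msg.msg.set_complete;
		status = set_complete->status;
	}

cleanup:
	if (request)
		put_rndis_request(dev, request);
exit:
	return ret;
}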
/*
 * Perform the RNDIS initialize handshake.
 *
 * Sends an initialize request advertising the driver's RNDIS version and a
 * maximum transfer size of 2048, then waits up to five seconds for the
 * completion.  dev->state is moved to RNDIS_DEV_INITIALIZED on a success
 * status and back to RNDIS_DEV_UNINITIALIZED on a failed send or a failure
 * status.
 *
 * Returns 0 on success, -ENOMEM, -ETIMEDOUT, -EINVAL for a failure status,
 * or the error from rndis_filter_send_request().
 *
 * NOTE(review): on timeout the request is freed and dev->state is left at
 * RNDIS_DEV_INITIALIZING; confirm the request can no longer be referenced
 * by a late send completion or response at that point.
 */
static int rndis_filter_init_device(struct rndis_device *dev)
{
	struct rndis_initialize_request *init_req;
	struct rndis_request *req;
	u32 init_status;
	int rc;

	req = get_rndis_request(dev, REMOTE_NDIS_INITIALIZE_MSG,
			RNDIS_MESSAGE_SIZE(struct rndis_initialize_request));
	if (req == NULL)
		return -ENOMEM;

	/* Fill in the initialize request. */
	init_req = &req->request_msg.msg.init_req;
	init_req->major_ver = RNDIS_MAJOR_VERSION;
	init_req->minor_ver = RNDIS_MINOR_VERSION;
	/* FIXME: Use 1536 - rounded ethernet frame size */
	init_req->max_xfer_size = 2048;

	dev->state = RNDIS_DEV_INITIALIZING;

	rc = rndis_filter_send_request(dev, req);
	if (rc != 0) {
		dev->state = RNDIS_DEV_UNINITIALIZED;
		goto out_put;
	}

	if (wait_for_completion_timeout(&req->wait_event, 5*HZ) == 0) {
		rc = -ETIMEDOUT;
		goto out_put;
	}

	init_status = req->response_msg.msg.init_complete.status;
	if (init_status != RNDIS_STATUS_SUCCESS) {
		dev->state = RNDIS_DEV_UNINITIALIZED;
		rc = -EINVAL;
	} else {
		dev->state = RNDIS_DEV_INITIALIZED;
		rc = 0;
	}

out_put:
	put_rndis_request(dev, req);

	return rc;
}
/*
 * Best-effort RNDIS halt: send a halt message without waiting for any
 * reply, then mark the device RNDIS_DEV_UNINITIALIZED.
 *
 * If the request cannot be allocated nothing is sent and dev->state is left
 * unchanged.
 *
 * NOTE(review): the request, which embeds the packet passed to
 * netvsc_send(), is freed immediately after the send call; confirm the
 * packet cannot still be referenced when that happens.
 */
static void rndis_filter_halt_device(struct rndis_device *dev)
{
	struct rndis_request *req;

	/* Attempt to do a rndis device halt */
	req = get_rndis_request(dev, REMOTE_NDIS_HALT_MSG,
				RNDIS_MESSAGE_SIZE(struct rndis_halt_request));
	if (req == NULL)
		return;

	/* Assign the halt message its own request id. */
	req->request_msg.msg.halt_req.req_id =
		atomic_inc_return(&dev->new_req_id);

	/* Ignore return since this msg is optional. */
	rndis_filter_send_request(dev, req);

	dev->state = RNDIS_DEV_UNINITIALIZED;

	put_rndis_request(dev, req);
}
/*
 * Enable reception by installing the broadcast, all-multicast and directed
 * packet filter.
 *
 * Does nothing (and returns 0) unless the device is in
 * RNDIS_DEV_INITIALIZED.  On success the state becomes
 * RNDIS_DEV_DATAINITIALIZED.  Returns the result of
 * rndis_filter_set_packet_filter().
 */
static int rndis_filter_open_device(struct rndis_device *dev)
{
	const u32 rx_filter = NDIS_PACKET_TYPE_BROADCAST |
			      NDIS_PACKET_TYPE_ALL_MULTICAST |
			      NDIS_PACKET_TYPE_DIRECTED;
	int rc;

	if (dev->state != RNDIS_DEV_INITIALIZED)
		return 0;

	rc = rndis_filter_set_packet_filter(dev, rx_filter);
	if (rc != 0)
		return rc;

	dev->state = RNDIS_DEV_DATAINITIALIZED;
	return 0;
}
/*
 * Disable reception by clearing the packet filter.
 *
 * Does nothing (and returns 0) unless the device is in
 * RNDIS_DEV_DATAINITIALIZED.  On success the state returns to
 * RNDIS_DEV_INITIALIZED.  Returns the result of
 * rndis_filter_set_packet_filter().
 */
static int rndis_filter_close_device(struct rndis_device *dev)
{
	int rc;

	if (dev->state != RNDIS_DEV_DATAINITIALIZED)
		return 0;

	rc = rndis_filter_set_packet_filter(dev, 0);
	if (rc != 0)
		return rc;

	dev->state = RNDIS_DEV_INITIALIZED;
	return 0;
}
/*
 * Create the rndis device on top of a new netvsc device, run the RNDIS
 * initialize handshake and read the MAC address and link state into
 * @additional_info (a struct netvsc_device_info).
 *
 * Returns -ENODEV when the rndis device cannot be allocated, the error from
 * netvsc_device_add() when that fails, and otherwise the result of the MAC
 * address query.
 *
 * NOTE(review): a failed initialize handshake is not propagated (its result
 * is overwritten by the MAC query), and a failed MAC query still copies
 * hw_mac_adr and leaves the rndis device attached; both paths are marked
 * TODO below.
 */
int rndis_filter_device_add(struct hv_device *dev,
			    void *additional_info)
{
	struct netvsc_device_info *info = additional_info;
	struct netvsc_device *nvdev;
	struct rndis_device *rdev;
	int rc;

	rdev = get_rndis_device();
	if (rdev == NULL)
		return -ENODEV;

	/*
	 * Let the inner driver handle this first to create the netvsc channel
	 * NOTE! Once the channel is created, we may get a receive callback
	 * (RndisFilterOnReceive()) before this call is completed
	 */
	rc = netvsc_device_add(dev, additional_info);
	if (rc != 0) {
		kfree(rdev);
		return rc;
	}

	/* Link the rndis device and the netvsc device to each other. */
	nvdev = hv_get_drvdata(dev);

	nvdev->extension = rdev;
	rdev->net_dev = nvdev;

	/* Send the rndis initialization message */
	rc = rndis_filter_init_device(rdev);
	if (rc != 0) {
		/*
		 * TODO: If rndis init failed, we will need to shut down the
		 * channel
		 */
	}

	/* Get the mac address */
	rc = rndis_filter_query_device_mac(rdev);
	if (rc != 0) {
		/*
		 * TODO: shutdown rndis device and the channel
		 */
	}

	memcpy(info->mac_adr, rdev->hw_mac_adr, ETH_ALEN);

	rndis_filter_query_device_link_status(rdev);

	info->link_state = rdev->link_state;

	dev_info(&dev->device, "Device MAC %pM link state %s\n",
		 rdev->hw_mac_adr,
		 info->link_state ? "down" : "up");

	return rc;
}
/*
 * Tear down the rndis device attached to @dev and then remove the
 * underlying netvsc device.
 *
 * NOTE(review): neither the driver data nor its extension pointer is
 * checked for NULL before use here.
 */
void rndis_filter_device_remove(struct hv_device *dev)
{
	struct netvsc_device *nvdev = hv_get_drvdata(dev);
	struct rndis_device *rdev = nvdev->extension;

	/* Halt and release the rndis device */
	rndis_filter_halt_device(rdev);

	kfree(rdev);
	nvdev->extension = NULL;

	netvsc_device_remove(dev);
}
/*
 * Open the rndis device attached to @dev.
 *
 * Returns -EINVAL when @dev has no netvsc driver data, otherwise the result
 * of rndis_filter_open_device().
 *
 * NOTE(review): the extension pointer is passed on without a NULL check.
 */
int rndis_filter_open(struct hv_device *dev)
{
	struct netvsc_device *nvdev = hv_get_drvdata(dev);

	if (nvdev == NULL)
		return -EINVAL;

	return rndis_filter_open_device(nvdev->extension);
}
/*
 * Close the rndis device attached to @dev.
 *
 * Returns -EINVAL when @dev has no netvsc driver data, otherwise the result
 * of rndis_filter_close_device().
 *
 * NOTE(review): the extension pointer is passed on without a NULL check.
 */
int rndis_filter_close(struct hv_device *dev)
{
	struct netvsc_device *nvdev = hv_get_drvdata(dev);

	if (nvdev == NULL)
		return -EINVAL;

	return rndis_filter_close_device(nvdev->extension);
}
/*
 * Prepend an RNDIS packet header to an outgoing data packet and send it.
 *
 * The header is built in the rndis_filter_packet found at pkt->extension
 * and described by page_buf[0] (plus page_buf[1] when the header crosses a
 * page boundary).  The caller's send completion is saved in the filter
 * packet and replaced by rndis_filter_send_completion(); if the send fails
 * the caller's completion is put back so the packet can be retried.
 *
 * Returns the result of netvsc_send().
 *
 * NOTE(review): when the header crosses a page boundary the existing
 * page_buf entries are shifted up by one and page_buf_cnt is incremented
 * without any check against the capacity of page_buf - confirm that callers
 * always leave a spare slot.
 * NOTE(review): msg_len is total_data_buflen plus the header size with no
 * overflow check.
 */
int rndis_filter_send(struct hv_device *dev,
		      struct hv_netvsc_packet *pkt)
{
	struct rndis_filter_packet *fpkt;
	struct rndis_message *hdr;
	struct rndis_packet *rpkt;
	u32 hdr_len;
	int rc;

	/* Add the rndis header */
	fpkt = (struct rndis_filter_packet *)pkt->extension;

	memset(fpkt, 0, sizeof(*fpkt));

	hdr = &fpkt->msg;
	hdr_len = RNDIS_MESSAGE_SIZE(struct rndis_packet);

	hdr->ndis_msg_type = REMOTE_NDIS_PACKET_MSG;
	hdr->msg_len = pkt->total_data_buflen + hdr_len;

	rpkt = &hdr->msg.pkt;
	rpkt->data_offset = sizeof(struct rndis_packet);
	rpkt->data_len = pkt->total_data_buflen;

	pkt->is_data_pkt = true;
	pkt->page_buf[0].pfn = virt_to_phys(hdr) >> PAGE_SHIFT;
	pkt->page_buf[0].offset = (unsigned long)hdr & (PAGE_SIZE-1);
	pkt->page_buf[0].len = hdr_len;

	/* Add one page_buf if the rndis msg goes beyond page boundary */
	if (pkt->page_buf[0].offset + hdr_len > PAGE_SIZE) {
		int slot;

		/* Shift entries 1..cnt-1 up to free slot 1. */
		for (slot = pkt->page_buf_cnt; slot > 1; slot--)
			pkt->page_buf[slot] = pkt->page_buf[slot-1];
		pkt->page_buf_cnt++;

		/* Slot 0 covers the part up to the end of the first page. */
		pkt->page_buf[0].len = PAGE_SIZE - pkt->page_buf[0].offset;

		/* Slot 1 covers the remainder at the start of the next. */
		pkt->page_buf[1].pfn = virt_to_phys((void *)((ulong)
			hdr + pkt->page_buf[0].len)) >> PAGE_SHIFT;
		pkt->page_buf[1].offset = 0;
		pkt->page_buf[1].len = hdr_len - pkt->page_buf[0].len;
	}

	/* Save the packet send completion and context */
	fpkt->completion = pkt->completion.send.send_completion;
	fpkt->completion_ctx = pkt->completion.send.send_completion_ctx;

	/* Use ours */
	pkt->completion.send.send_completion = rndis_filter_send_completion;
	pkt->completion.send.send_completion_ctx = fpkt;

	rc = netvsc_send(dev, pkt);
	if (rc != 0) {
		/*
		 * Reset the completion to originals to allow retries from
		 * above
		 */
		pkt->completion.send.send_completion = fpkt->completion;
		pkt->completion.send.send_completion_ctx =
			fpkt->completion_ctx;
	}

	return rc;
}
/*
 * Send-completion trampoline for data packets: @ctx is the
 * rndis_filter_packet that rndis_filter_send() registered, and the saved
 * original completion is invoked with its saved context.
 */
static void rndis_filter_send_completion(void *ctx)
{
	struct rndis_filter_packet *fpkt = ctx;

	/* Pass it back to the original handler */
	fpkt->completion(fpkt->completion_ctx);
}
/*
 * Send-completion callback registered for control requests by
 * rndis_filter_send_request().  Intentionally does nothing.
 */
static void rndis_filter_send_request_completion(void *ctx)
{
	/* Noop */
}