From owner-svn-src-head@freebsd.org  Mon Oct 10 05:59:32 2016
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31ECFC0B4C2;
 Mon, 10 Oct 2016 05:59:32 +0000 (UTC)
 (envelope-from sephe@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E3CA87F4;
 Mon, 10 Oct 2016 05:59:31 +0000 (UTC)
 (envelope-from sephe@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9A5xUYV015967;
 Mon, 10 Oct 2016 05:59:30 GMT (envelope-from sephe@FreeBSD.org)
Received: (from sephe@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9A5xUkL015966;
 Mon, 10 Oct 2016 05:59:30 GMT (envelope-from sephe@FreeBSD.org)
Message-Id: <201610100559.u9A5xUkL015966@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sephe set sender to
 sephe@FreeBSD.org using -f
From: Sepherosa Ziehau <sephe@FreeBSD.org>
Date: Mon, 10 Oct 2016 05:59:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r306938 - head/sys/dev/hyperv/netvsc
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2016 05:59:32 -0000

Author: sephe
Date: Mon Oct 10 05:59:30 2016
New Revision: 306938
URL: https://svnweb.freebsd.org/changeset/base/306938

Log:
  hyperv/hn: Generalize RSS capabilities query.
  
  - Support NDIS < 6.30.
  - Stringent response checks.
  
  MFC after:	1 week
  Sponsored by:	Microsoft
  Differential Revision:	https://reviews.freebsd.org/D8090

Modified:
  head/sys/dev/hyperv/netvsc/hv_rndis_filter.c

Modified: head/sys/dev/hyperv/netvsc/hv_rndis_filter.c
==============================================================================
--- head/sys/dev/hyperv/netvsc/hv_rndis_filter.c	Mon Oct 10 05:50:01 2016	(r306937)
+++ head/sys/dev/hyperv/netvsc/hv_rndis_filter.c	Mon Oct 10 05:59:30 2016	(r306938)
@@ -745,26 +745,44 @@ hn_rndis_get_rsscaps(struct hn_softc *sc
 	size_t caps_len;
 	int error;
 
-	/*
-	 * Only NDIS 6.30+ is supported.
-	 */
-	KASSERT(sc->hn_ndis_ver >= HN_NDIS_VERSION_6_30,
-	    ("NDIS 6.30+ is required, NDIS version 0x%08x", sc->hn_ndis_ver));
 	*rxr_cnt = 0;
 
 	memset(&in, 0, sizeof(in));
 	in.ndis_hdr.ndis_type = NDIS_OBJTYPE_RSS_CAPS;
-	in.ndis_hdr.ndis_rev = NDIS_RSS_CAPS_REV_2;
-	in.ndis_hdr.ndis_size = NDIS_RSS_CAPS_SIZE;
+	if (sc->hn_ndis_ver < HN_NDIS_VERSION_6_30) {
+		in.ndis_hdr.ndis_rev = NDIS_RSS_CAPS_REV_1;
+		in.ndis_hdr.ndis_size = NDIS_RSS_CAPS_SIZE_6_0;
+	} else {
+		in.ndis_hdr.ndis_rev = NDIS_RSS_CAPS_REV_2;
+		in.ndis_hdr.ndis_size = NDIS_RSS_CAPS_SIZE;
+	}
 
 	caps_len = NDIS_RSS_CAPS_SIZE;
-	error = hn_rndis_query(sc, OID_GEN_RECEIVE_SCALE_CAPABILITIES,
-	    &in, NDIS_RSS_CAPS_SIZE, &caps, &caps_len);
+	error = hn_rndis_query2(sc, OID_GEN_RECEIVE_SCALE_CAPABILITIES,
+	    &in, NDIS_RSS_CAPS_SIZE, &caps, &caps_len, NDIS_RSS_CAPS_SIZE_6_0);
 	if (error)
 		return (error);
-	if (caps_len < NDIS_RSS_CAPS_SIZE_6_0) {
-		if_printf(sc->hn_ifp, "invalid NDIS RSS caps len %zu",
-		    caps_len);
+
+	/*
+	 * Preliminary verification.
+	 */
+	if (caps.ndis_hdr.ndis_type != NDIS_OBJTYPE_RSS_CAPS) {
+		if_printf(sc->hn_ifp, "invalid NDIS objtype 0x%02x\n",
+		    caps.ndis_hdr.ndis_type);
+		return (EINVAL);
+	}
+	if (caps.ndis_hdr.ndis_rev < NDIS_RSS_CAPS_REV_1) {
+		if_printf(sc->hn_ifp, "invalid NDIS objrev 0x%02x\n",
+		    caps.ndis_hdr.ndis_rev);
+		return (EINVAL);
+	}
+	if (caps.ndis_hdr.ndis_size > caps_len) {
+		if_printf(sc->hn_ifp, "invalid NDIS objsize %u, "
+		    "data size %zu\n", caps.ndis_hdr.ndis_size, caps_len);
+		return (EINVAL);
+	} else if (caps.ndis_hdr.ndis_size < NDIS_RSS_CAPS_SIZE_6_0) {
+		if_printf(sc->hn_ifp, "invalid NDIS objsize %u\n",
+		    caps.ndis_hdr.ndis_size);
 		return (EINVAL);
 	}
 
@@ -774,7 +792,7 @@ hn_rndis_get_rsscaps(struct hn_softc *sc
 	}
 	*rxr_cnt = caps.ndis_nrxr;
 
-	if (caps_len == NDIS_RSS_CAPS_SIZE) {
+	if (caps.ndis_hdr.ndis_size == NDIS_RSS_CAPS_SIZE) {
 		if (bootverbose) {
 			if_printf(sc->hn_ifp, "RSS indirect table size %u\n",
 			    caps.ndis_nind);