From: P J P <ppandit@redhat.com>
To: Qemu Developers <qemu-devel@nongnu.org>
Cc: Li Qiang <liqiang6-s@360.cn>, Jason Wang <jasowang@redhat.com>,
	Prasad J Pandit <pjp@fedoraproject.org>
Subject: [Qemu-devel] [PATCH 1/2] net: pcnet: check rx/tx descriptor ring length
Date: Fri, 30 Sep 2016 00:27:33 +0530
Message-ID: <1475175454-3116-2-git-send-email-ppandit@redhat.com>
In-Reply-To: <1475175454-3116-1-git-send-email-ppandit@redhat.com>

From: Prasad J Pandit <pjp@fedoraproject.org>

The AMD PC-Net II emulator has a set of control and status (CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr. Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/net/pcnet.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 198a01f..3078de8 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
     case 47: /* POLLINT */
     case 72:
     case 74:
+        break;
     case 76: /* RCVRL */
     case 78: /* XMTRL */
+        val = (val > 0) ? val : 512;
+        break;
     case 112:
        if (CSR_STOP(s) || CSR_SPND(s))
            break;
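
Review bot: The two added `break` statements stop cases 47, 72, 74, 76 and 78 from falling through into `case 112`, so writes to those registers no longer reach the `if (CSR_STOP(s) || CSR_SPND(s))` test that the fall-through previously applied to them. If that test is what limits these CSRs to the stopped or suspended state, the zero-length fix should preserve it, for instance by applying the clamp only when `rap` is 76 or 78 and then continuing into the existing check instead of breaking out of the switch. The fallback value in `val = (val > 0) ? val : 512;` is also an unexplained magic number: the commit message gives the valid range as 1 to 65535 but not why 512 is the right substitute, so a short comment or a named constant would help. It is also worth confirming that `val`, not the `new_value` parameter, is what gets stored after the switch, since these lines do not show it.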
-- 
2.5.5
