From patchwork Wed Aug 6 20:38:11 2014
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 34992
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Date: Wed, 6 Aug 2014 15:38:11 -0500
Message-Id: <1407357598-21541-2-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1407357598-21541-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1407357598-21541-1-git-send-email-mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 001/108] hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun

From: Peter Maydell The current tx_fifo code has a corner case where the guest can overrun the fifo buffer: if automatic CRCs are disabled we allow the guest to write the CRC word even if there isn't actually space for it in the FIFO. The datasheet is unclear about exactly how the hardware deals with this situation; the most plausible answer seems to be that the CRC word is just lost. Implement this fix by separating the "can we stuff another word in the FIFO" logic from the "should we transmit the packet now" check. This also moves us closer to the real hardware, which has a number of ways it can be configured to trigger sending the packet, some of which we don't implement. Signed-off-by: Peter Maydell Reviewed-by: Dr. David Alan Gilbert Cc: qemu-stable@nongnu.org (cherry picked from commit 5c10495ab1546d5d12b51a97817051e9ec98d0f6) Signed-off-by: Michael Roth --- hw/net/stellaris_enet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index d04e6a4..bd844cd 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -253,10 +253,12 @@ static void stellaris_enet_write(void *opaque, hwaddr offset, s->tx_fifo[s->tx_fifo_len++] = value >> 24; } } else { - s->tx_fifo[s->tx_fifo_len++] = value; - s->tx_fifo[s->tx_fifo_len++] = value >> 8; - s->tx_fifo[s->tx_fifo_len++] = value >> 16; - s->tx_fifo[s->tx_fifo_len++] = value >> 24; + if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { + s->tx_fifo[s->tx_fifo_len++] = value; + s->tx_fifo[s->tx_fifo_len++] = value >> 8; + s->tx_fifo[s->tx_fifo_len++] = value >> 16; + s->tx_fifo[s->tx_fifo_len++] = value >> 24; + } if (s->tx_fifo_len >= s->tx_frame_len) { /* We don't implement explicit CRC, so just chop it off. */ if ((s->tctl & SE_TCTL_CRC) == 0)
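
Review bot: In the else branch of stellaris_enet_write(), once the new `s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)` guard starts discarding words, the following `if (s->tx_fifo_len >= s->tx_frame_len)` can only fire if tx_frame_len is no larger than what the FIFO can hold. The visible lines do not show tx_frame_len being bounded, so please confirm it is validated against the FIFO size where the guest sets it; otherwise a full FIFO never reaches the transmit condition and every later write is silently dropped. The guard also deserves a short comment stating that the datasheet is unclear and the word that does not fit (the explicit CRC word in the case the commit message describes) is deliberately lost, since that rationale currently lives only in the commit message.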