From patchwork Tue Apr 1 22:14:49 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 27580 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-qa0-f72.google.com (mail-qa0-f72.google.com [209.85.216.72]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 1543220341 for ; Tue, 1 Apr 2014 22:15:01 +0000 (UTC) Received: by mail-qa0-f72.google.com with SMTP id dc16sf12868425qab.3 for ; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe; bh=b7lSX1QHq7DyNV7GDgVfx11Oyt891rGYtHcYEywjrjs=; b=SSB4Rb+8lKhaUoUUSksFExSpUygQ9Yw4RHcDMEqlDvDtU4GaWDVJEke0CX4+ajYMbw sqJ1alHqKcNgpCC74x2iNNb4Z9IyAFGjFWkmZySKuAD9lYrjW/gZDVIWGwH57xgLN4wf uuWAcuw4OHuyjSDLy3QxGedf6h/I1L1xMCFS5HKRCyeg7Fzkv7h3ueVtcb4kLCKwu/ID gPVIVwYVdoirIACVgzuoVr02Q+4XUaKRZnbbeGfWAyAXvd2ANDUmebbKhPeKVKUfqEgv H5xHFM1Uw8abw3abxxHVdmR5+dVbXSSMAxnb7JAr3Vq2LAmvJt+FozliXvY304I9jzC/ Ncvg== X-Gm-Message-State: ALoCoQnhsU1jt+jlRPXKDNmns4qNcLKb6PAGhIiHM+qhct3aChpTxDpEKdXQwAYKiOCGk+OhPK+l X-Received: by 10.236.118.38 with SMTP id k26mr14180343yhh.35.1396390500726; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.41.169 with SMTP id z38ls144602qgz.36.gmail; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) X-Received: by 10.52.119.178 with SMTP id kv18mr2914081vdb.39.1396390500630; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) Received: from mail-vc0-f176.google.com (mail-vc0-f176.google.com [209.85.220.176]) by mx.google.com with ESMTPS id vd8si4006164vdc.124.2014.04.01.15.15.00 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 01 Apr 2014 15:15:00 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.220.176 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.220.176; Received: by mail-vc0-f176.google.com with SMTP id lc6so10456506vcb.21 for ; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) X-Received: by 10.52.34.137 with SMTP id z9mr25842785vdi.12.1396390500539; Tue, 01 Apr 2014 15:15:00 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.220.12.8 with SMTP id v8csp273744vcv; Tue, 1 Apr 2014 15:14:59 -0700 (PDT) X-Received: by 10.194.71.164 with SMTP id w4mr17491296wju.0.1396390498870; Tue, 01 Apr 2014 15:14:58 -0700 (PDT) Received: from mnementh.archaic.org.uk (mnementh.archaic.org.uk. [2001:8b0:1d0::1]) by mx.google.com with ESMTPS id x47si29987799eel.343.2014.04.01.15.14.58 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Tue, 01 Apr 2014 15:14:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::1 as permitted sender) client-ip=2001:8b0:1d0::1; Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80) (envelope-from ) id 1WV6xL-0002KC-QE; Tue, 01 Apr 2014 23:14:55 +0100 From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Michael S. Tsirkin" , "Dr. David Alan Gilbert" Subject: [PATCH v2 1/7] hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun Date: Tue, 1 Apr 2014 23:14:49 +0100 Message-Id: <1396390495-8908-2-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1396390495-8908-1-git-send-email-peter.maydell@linaro.org> References: <1396390495-8908-1-git-send-email-peter.maydell@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: peter.maydell@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.220.176 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , The current tx_fifo code has a corner case where the guest can overrun the fifo buffer: if automatic CRCs are disabled we allow the guest to write the CRC word even if there isn't actually space for it in the FIFO. The datasheet is unclear about exactly how the hardware deals with this situation; the most plausible answer seems to be that the CRC word is just lost. Implement this fix by separating the "can we stuff another word in the FIFO" logic from the "should we transmit the packet now" check. This also moves us closer to the real hardware, which has a number of ways it can be configured to trigger sending the packet, some of which we don't implement. Signed-off-by: Peter Maydell Reviewed-by: Dr. David Alan Gilbert Cc: qemu-stable@nongnu.org --- hw/net/stellaris_enet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index d04e6a4..bd844cd 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -253,10 +253,12 @@ static void stellaris_enet_write(void *opaque, hwaddr offset, s->tx_fifo[s->tx_fifo_len++] = value >> 24; } } else { - s->tx_fifo[s->tx_fifo_len++] = value; - s->tx_fifo[s->tx_fifo_len++] = value >> 8; - s->tx_fifo[s->tx_fifo_len++] = value >> 16; - s->tx_fifo[s->tx_fifo_len++] = value >> 24; + if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { + s->tx_fifo[s->tx_fifo_len++] = value; + s->tx_fifo[s->tx_fifo_len++] = value >> 8; + s->tx_fifo[s->tx_fifo_len++] = value >> 16; + s->tx_fifo[s->tx_fifo_len++] = value >> 24; + } if (s->tx_fifo_len >= s->tx_frame_len) { /* We don't implement explicit CRC, so just chop it off. */ if ((s->tctl & SE_TCTL_CRC) == 0)