From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, "Michael S. Tsirkin", "Dr. David Alan Gilbert"
Subject: [PATCH v3 1/7] hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
Date: Mon, 28 Apr 2014 13:39:24 +0100
Message-Id: <1398688770-23828-2-git-send-email-peter.maydell@linaro.org>

The current tx_fifo code has a corner case where the guest can overrun the fifo buffer: if automatic CRCs are disabled we allow the guest to write the CRC word even if there isn't actually space for it in the FIFO. The datasheet is unclear about exactly how the hardware deals with this situation; the most plausible answer seems to be that the CRC word is just lost.

Implement this fix by separating the "can we stuff another word in the FIFO" logic from the "should we transmit the packet now" check. This also moves us closer to the real hardware, which has a number of ways it can be configured to trigger sending the packet, some of which we don't implement.

Signed-off-by: Peter Maydell
Reviewed-by: Dr. David Alan Gilbert
Cc: qemu-stable@nongnu.org

--- hw/net/stellaris_enet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index d04e6a4..bd844cd 100644 
--- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -253,10 +253,12 @@ static void stellaris_enet_write(void *opaque, hwaddr offset, s->tx_fifo[s->tx_fifo_len++] = value >> 24; } } else { - s->tx_fifo[s->tx_fifo_len++] = value; - s->tx_fifo[s->tx_fifo_len++] = value >> 8; - s->tx_fifo[s->tx_fifo_len++] = value >> 16; - s->tx_fifo[s->tx_fifo_len++] = value >> 24; + if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { + s->tx_fifo[s->tx_fifo_len++] = value; + s->tx_fifo[s->tx_fifo_len++] = value >> 8; + s->tx_fifo[s->tx_fifo_len++] = value >> 16; + s->tx_fifo[s->tx_fifo_len++] = value >> 24; + } if (s->tx_fifo_len >= s->tx_frame_len) { /* We don't implement explicit CRC, so just chop it off. */ if ((s->tctl & SE_TCTL_CRC) == 0)
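
Review bot: the new `if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo))` guard in the else branch silently discards the guest's word when the FIFO is full, and nothing in the code says this is deliberate. The reasoning (datasheet unclear, CRC word assumed lost) lives only in the commit message, so a short comment above the guard would keep a later reader from treating the drop as a bug. Separately, the retained check `if ((s->tctl & SE_TCTL_CRC) == 0)` under "just chop it off" still runs after a dropped write; its body is outside this hunk, so please confirm that it does not trim four bytes on the assumption that the CRC word was actually stored, since that would now cut into payload. The context line `s->tx_fifo[s->tx_fifo_len++] = value >> 24;` before `} else {` also writes to the same buffer, and it is worth confirming that path is bounded as well.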