Message ID | 1486693159-29029-1-git-send-email-liqiang6-s@360.cn (mailing list archive) |
---|---|
State | New, archived |
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> > On 10 Feb 2017, at 04:19 AM, Li Qiang <liq3ea@gmail.com> wrote: > > This issue is like the issue in e1000 network card addressed in > this commit: > e1000: eliminate infinite loops on out-of-bounds transfer start. > > Signed-off-by: Li Qiang <liqiang6-s@360.cn> > --- > > Change since v2: > fix error in e1000e_ring_empty > eliminate unnecessory detect code in loop > > Changes since v1: > make wraparound detect in e1000e_ring_empty > > hw/net/e1000e_core.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c > index 2b11499..dc94188 100644 > --- a/hw/net/e1000e_core.c > +++ b/hw/net/e1000e_core.c > @@ -806,7 +806,8 @@ typedef struct E1000E_RingInfo_st { > static inline bool > e1000e_ring_empty(E1000ECore *core, const E1000E_RingInfo *r) > { > - return core->mac[r->dh] == core->mac[r->dt]; > + return core->mac[r->dh] == core->mac[r->dt] || > + core->mac[r->dt] >= core->mac[r->dlen] / E1000_RING_DESC_LEN; > } > > static inline uint64_t > @@ -1522,6 +1523,10 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, > desc_size = core->rx_desc_buf_size; > } > > + if (e1000e_ring_empty(core, rxi)) { > + return; > + } > + > base = e1000e_ring_head_descr(core, rxi); > > pci_dma_read(d, base, &desc, core->rx_desc_len); > -- > 1.8.3.1 >
On 2017年02月12日 19:38, Dmitry Fleytman wrote: > Reviewed-by: Dmitry Fleytman <dmitry@daynix.com > <mailto:dmitry@daynix.com>> > Applied. Thanks >> On 10 Feb 2017, at 04:19 AM, Li Qiang <liq3ea@gmail.com >> <mailto:liq3ea@gmail.com>> wrote: >> >> This issue is like the issue in e1000 network card addressed in >> this commit: >> e1000: eliminate infinite loops on out-of-bounds transfer start. >> >> Signed-off-by: Li Qiang <liqiang6-s@360.cn <mailto:liqiang6-s@360.cn>> >> --- >> >> Change since v2: >> fix error in e1000e_ring_empty >> eliminate unnecessory detect code in loop >> >> Changes since v1: >> make wraparound detect in e1000e_ring_empty >> >> hw/net/e1000e_core.c | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c >> index 2b11499..dc94188 100644 >> --- a/hw/net/e1000e_core.c >> +++ b/hw/net/e1000e_core.c >> @@ -806,7 +806,8 @@ typedef struct E1000E_RingInfo_st { >> static inline bool >> e1000e_ring_empty(E1000ECore *core, const E1000E_RingInfo *r) >> { >> - return core->mac[r->dh] == core->mac[r->dt]; >> + return core->mac[r->dh] == core->mac[r->dt] || >> + core->mac[r->dt] >= core->mac[r->dlen] / >> E1000_RING_DESC_LEN; >> } >> >> static inline uint64_t >> @@ -1522,6 +1523,10 @@ e1000e_write_packet_to_guest(E1000ECore *core, >> struct NetRxPkt *pkt, >> desc_size = core->rx_desc_buf_size; >> } >> >> + if (e1000e_ring_empty(core, rxi)) { >> + return; >> + } >> + >> base = e1000e_ring_head_descr(core, rxi); >> >> pci_dma_read(d, base, &desc, core->rx_desc_len); >> -- >> 1.8.3.1 >> >
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 2b11499..dc94188 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -806,7 +806,8 @@ typedef struct E1000E_RingInfo_st { static inline bool e1000e_ring_empty(E1000ECore *core, const E1000E_RingInfo *r) { - return core->mac[r->dh] == core->mac[r->dt]; + return core->mac[r->dh] == core->mac[r->dt] || + core->mac[r->dt] >= core->mac[r->dlen] / E1000_RING_DESC_LEN; } static inline uint64_t @@ -1522,6 +1523,10 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, desc_size = core->rx_desc_buf_size; } + if (e1000e_ring_empty(core, rxi)) { + return; + } + base = e1000e_ring_head_descr(core, rxi); pci_dma_read(d, base, &desc, core->rx_desc_len);
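Review bot: In `e1000e_ring_empty` the new clause validates only the tail register, while the head index `core->mac[r->dh]` is still used unchecked. A guest-written head at or past `core->mac[r->dlen] / E1000_RING_DESC_LEN`, paired with an in-range tail, therefore still reports a non-empty ring. Whether that is harmful depends on how the head is wrapped when it advances, which is outside this hunk, so treat this as a question rather than a confirmed defect. The predicate now also means "tail out of range", which the name does not convey, so a comment above the return would help later callers: `/* Also true when the guest-written tail is at or past the ring end, so callers stop instead of spinning. */`.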
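Review bot: The added `return;` in `e1000e_write_packet_to_guest` abandons the packet silently, with no trace or counter at the point where the ring is found empty or its tail invalid. A guest that misprograms the ring is then indistinguishable from normal operation when debugging or monitoring the device. The function starts and ends outside the hunk, so it is not visible whether later work such as statistics or a final write-back is skipped by the early exit; if it is, leaving the enclosing loop (presumably there is one, given the commit title) would be safer than returning. At minimum the exit deserves a comment such as `/* ring exhausted or tail out of range: stop writing this packet */`.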
This issue is like the issue in the e1000 network card addressed in this commit:
e1000: eliminate infinite loops on out-of-bounds transfer start.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---

Change since v2:
fix error in e1000e_ring_empty
eliminate unnecessary detect code in loop

Changes since v1:
make wraparound detect in e1000e_ring_empty

hw/net/e1000e_core.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)