yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-hw-net-e1000e-advance-desc_offset-in-case-of-null-de.patch

8fced6
From d48034cc2b331313995c1d19060decc0e5ca1356 Mon Sep 17 00:00:00 2001
8fced6
From: Jon Maloy <jmaloy@redhat.com>
8fced6
Date: Thu, 14 Jan 2021 01:35:41 -0500
8fced6
Subject: [PATCH 17/17] hw/net/e1000e: advance desc_offset in case of null
8fced6
 descriptor
8fced6
MIME-Version: 1.0
8fced6
Content-Type: text/plain; charset=UTF-8
8fced6
Content-Transfer-Encoding: 8bit
8fced6
8fced6
RH-Author: Jon Maloy <jmaloy@redhat.com>
8fced6
Message-id: <20210114013541.956735-2-jmaloy@redhat.com>
8fced6
Patchwork-id: 100638
8fced6
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] hw/net/e1000e: advance desc_offset in case of null descriptor
8fced6
Bugzilla: 1903070
8fced6
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
8fced6
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8fced6
RH-Acked-by: Thomas Huth <thuth@redhat.com>
8fced6
8fced6
From: Prasad J Pandit <pjp@fedoraproject.org>
8fced6
8fced6
While receiving packets via e1000e_write_packet_to_guest() routine,
8fced6
'desc_offset' is advanced only when RX descriptor is processed. And
8fced6
RX descriptor is not processed if it has NULL buffer address.
8fced6
This may lead to an infinite loop condition. Increament 'desc_offset'
8fced6
to process next descriptor in the ring to avoid infinite loop.
8fced6
8fced6
Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
8fced6
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
8fced6
Signed-off-by: Jason Wang <jasowang@redhat.com>
8fced6
8fced6
(cherry picked from c2cb511634012344e3d0fe49a037a33b12d8a98a)
8fced6
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
8fced6
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
8fced6
---
8fced6
 hw/net/e1000e_core.c | 8 ++++----
8fced6
 1 file changed, 4 insertions(+), 4 deletions(-)
8fced6
8fced6
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
8fced6
index 9b76f82db5b..166054f2e3f 100644
8fced6
--- a/hw/net/e1000e_core.c
8fced6
+++ b/hw/net/e1000e_core.c
8fced6
@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
8fced6
                           (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
8fced6
                 }
8fced6
             }
8fced6
-            desc_offset += desc_size;
8fced6
-            if (desc_offset >= total_size) {
8fced6
-                is_last = true;
8fced6
-            }
8fced6
         } else { /* as per intel docs; skip descriptors with null buf addr */
8fced6
             trace_e1000e_rx_null_descriptor();
8fced6
         }
8fced6
+        desc_offset += desc_size;
8fced6
+        if (desc_offset >= total_size) {
8fced6
+            is_last = true;
8fced6
+        }
8fced6
 
8fced6
         e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
8fced6
                            rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
8fced6
-- 
8fced6
2.27.0
8fced6