yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-hw-net-e1000e-advance-desc_offset-in-case-of-null-de.patch

c687bc
From d48034cc2b331313995c1d19060decc0e5ca1356 Mon Sep 17 00:00:00 2001
c687bc
From: Jon Maloy <jmaloy@redhat.com>
c687bc
Date: Thu, 14 Jan 2021 01:35:41 -0500
c687bc
Subject: [PATCH 17/17] hw/net/e1000e: advance desc_offset in case of null
c687bc
 descriptor
c687bc
MIME-Version: 1.0
c687bc
Content-Type: text/plain; charset=UTF-8
c687bc
Content-Transfer-Encoding: 8bit
c687bc
c687bc
RH-Author: Jon Maloy <jmaloy@redhat.com>
c687bc
Message-id: <20210114013541.956735-2-jmaloy@redhat.com>
c687bc
Patchwork-id: 100638
c687bc
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] hw/net/e1000e: advance desc_offset in case of null descriptor
c687bc
Bugzilla: 1903070
c687bc
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
c687bc
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
c687bc
RH-Acked-by: Thomas Huth <thuth@redhat.com>
c687bc
c687bc
From: Prasad J Pandit <pjp@fedoraproject.org>
c687bc
c687bc
While receiving packets via e1000e_write_packet_to_guest() routine,
c687bc
'desc_offset' is advanced only when RX descriptor is processed. And
c687bc
RX descriptor is not processed if it has NULL buffer address.
c687bc
This may lead to an infinite loop condition. Increament 'desc_offset'
c687bc
to process next descriptor in the ring to avoid infinite loop.
c687bc
c687bc
Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
c687bc
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
c687bc
Signed-off-by: Jason Wang <jasowang@redhat.com>
c687bc
c687bc
(cherry picked from c2cb511634012344e3d0fe49a037a33b12d8a98a)
c687bc
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
c687bc
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
c687bc
---
c687bc
 hw/net/e1000e_core.c | 8 ++++----
c687bc
 1 file changed, 4 insertions(+), 4 deletions(-)
c687bc
c687bc
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
c687bc
index 9b76f82db5b..166054f2e3f 100644
c687bc
--- a/hw/net/e1000e_core.c
c687bc
+++ b/hw/net/e1000e_core.c
c687bc
@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
c687bc
                           (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
c687bc
                 }
c687bc
             }
c687bc
-            desc_offset += desc_size;
c687bc
-            if (desc_offset >= total_size) {
c687bc
-                is_last = true;
c687bc
-            }
c687bc
         } else { /* as per intel docs; skip descriptors with null buf addr */
c687bc
             trace_e1000e_rx_null_descriptor();
c687bc
         }
c687bc
+        desc_offset += desc_size;
c687bc
+        if (desc_offset >= total_size) {
c687bc
+            is_last = true;
c687bc
+        }
c687bc
 
c687bc
         e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
c687bc
                            rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
c687bc
-- 
c687bc
2.27.0
c687bc