|
 |
a19a21 |
From d48034cc2b331313995c1d19060decc0e5ca1356 Mon Sep 17 00:00:00 2001
|
|
|
a19a21 |
From: Jon Maloy <jmaloy@redhat.com>
|
|
|
a19a21 |
Date: Thu, 14 Jan 2021 01:35:41 -0500
|
|
|
a19a21 |
Subject: [PATCH 17/17] hw/net/e1000e: advance desc_offset in case of null
|
|
|
a19a21 |
descriptor
|
|
|
a19a21 |
MIME-Version: 1.0
|
|
|
a19a21 |
Content-Type: text/plain; charset=UTF-8
|
|
|
a19a21 |
Content-Transfer-Encoding: 8bit
|
|
|
a19a21 |
|
|
|
a19a21 |
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|
|
a19a21 |
Message-id: <20210114013541.956735-2-jmaloy@redhat.com>
|
|
|
a19a21 |
Patchwork-id: 100638
|
|
|
a19a21 |
O-Subject: [RHEL-8.4.0 qemu-kvm PATCH 1/1] hw/net/e1000e: advance desc_offset in case of null descriptor
|
|
|
a19a21 |
Bugzilla: 1903070
|
|
|
a19a21 |
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
a19a21 |
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
a19a21 |
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
|
|
a19a21 |
|
|
|
a19a21 |
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
|
a19a21 |
|
|
|
a19a21 |
While receiving packets via e1000e_write_packet_to_guest() routine,
|
|
|
a19a21 |
'desc_offset' is advanced only when RX descriptor is processed. And
|
|
|
a19a21 |
RX descriptor is not processed if it has NULL buffer address.
|
|
|
a19a21 |
This may lead to an infinite loop condition. Increament 'desc_offset'
|
|
|
a19a21 |
to process next descriptor in the ring to avoid infinite loop.
|
|
|
a19a21 |
|
|
|
a19a21 |
Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
|
|
|
a19a21 |
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
|
a19a21 |
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
|
|
a19a21 |
|
|
|
a19a21 |
(cherry picked from c2cb511634012344e3d0fe49a037a33b12d8a98a)
|
|
|
a19a21 |
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
|
|
a19a21 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
a19a21 |
---
|
|
|
a19a21 |
hw/net/e1000e_core.c | 8 ++++----
|
|
|
a19a21 |
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
a19a21 |
|
|
|
a19a21 |
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
|
|
|
a19a21 |
index 9b76f82db5b..166054f2e3f 100644
|
|
|
a19a21 |
--- a/hw/net/e1000e_core.c
|
|
|
a19a21 |
+++ b/hw/net/e1000e_core.c
|
|
|
a19a21 |
@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
|
|
|
a19a21 |
(const char *) &fcs_pad, e1000x_fcs_len(core->mac));
|
|
|
a19a21 |
}
|
|
|
a19a21 |
}
|
|
|
a19a21 |
- desc_offset += desc_size;
|
|
|
a19a21 |
- if (desc_offset >= total_size) {
|
|
|
a19a21 |
- is_last = true;
|
|
|
a19a21 |
- }
|
|
|
a19a21 |
} else { /* as per intel docs; skip descriptors with null buf addr */
|
|
|
a19a21 |
trace_e1000e_rx_null_descriptor();
|
|
|
a19a21 |
}
|
|
|
a19a21 |
+ desc_offset += desc_size;
|
|
|
a19a21 |
+ if (desc_offset >= total_size) {
|
|
|
a19a21 |
+ is_last = true;
|
|
|
a19a21 |
+ }
|
|
|
a19a21 |
|
|
|
a19a21 |
e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
|
|
|
a19a21 |
rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
|
|
|
a19a21 |
--
|
|
|
a19a21 |
2.27.0
|
|
|
a19a21 |
|