9290838132
Fix segfault with zero length virtio-scsi disk (bz #847549)
63 lines
2.4 KiB
Diff
63 lines
2.4 KiB
Diff
From 0b8f2583c9cd2b06b422c80ceec6a7f2641fc4e0 Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Fleytman <dmitry@daynix.com>
|
|
Date: Fri, 19 Oct 2012 07:56:55 +0200
|
|
Subject: [PATCH] e1000: drop check_rxov, always treat RX ring with RDH == RDT
|
|
as empty
|
|
|
|
Real HW always treats RX ring with RDH == RDT as empty.
|
|
Emulation is supposed to behave the same.
|
|
|
|
Reported-by: Chris Webb <chris.webb@elastichosts.com>
|
|
Reported-by: Richard Davies <richard.davies@elastichosts.com>
|
|
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
|
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
(cherry picked from commit e5b8b0d4ba29fe1268ba049519a1b0cf8552a21a)
|
|
|
|
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
---
|
|
hw/e1000.c | 7 ++-----
|
|
1 file changed, 2 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/hw/e1000.c b/hw/e1000.c
|
|
index ec3a7c4..4d4ac32 100644
|
|
--- a/hw/e1000.c
|
|
+++ b/hw/e1000.c
|
|
@@ -92,7 +92,6 @@ typedef struct E1000State_st {
|
|
|
|
uint32_t rxbuf_size;
|
|
uint32_t rxbuf_min_shift;
|
|
- int check_rxov;
|
|
struct e1000_tx {
|
|
unsigned char header[256];
|
|
unsigned char vlan_header[4];
|
|
@@ -741,11 +740,11 @@ static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
|
|
int bufs;
|
|
/* Fast-path short packets */
|
|
if (total_size <= s->rxbuf_size) {
|
|
- return s->mac_reg[RDH] != s->mac_reg[RDT] || !s->check_rxov;
|
|
+ return s->mac_reg[RDH] != s->mac_reg[RDT];
|
|
}
|
|
if (s->mac_reg[RDH] < s->mac_reg[RDT]) {
|
|
bufs = s->mac_reg[RDT] - s->mac_reg[RDH];
|
|
- } else if (s->mac_reg[RDH] > s->mac_reg[RDT] || !s->check_rxov) {
|
|
+ } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) {
|
|
bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
|
|
s->mac_reg[RDT] - s->mac_reg[RDH];
|
|
} else {
|
|
@@ -848,7 +847,6 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
|
|
|
|
if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
|
|
s->mac_reg[RDH] = 0;
|
|
- s->check_rxov = 1;
|
|
/* see comment in start_xmit; same here */
|
|
if (s->mac_reg[RDH] == rdh_start) {
|
|
DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
|
|
@@ -925,7 +923,6 @@ mac_writereg(E1000State *s, int index, uint32_t val)
|
|
static void
|
|
set_rdt(E1000State *s, int index, uint32_t val)
|
|
{
|
|
- s->check_rxov = 0;
|
|
s->mac_reg[index] = val & 0xffff;
|
|
if (e1000_has_rxbufs(s, 1)) {
|
|
qemu_flush_queued_packets(&s->nic->nc);
|