From: Stefan Weil <sw@weilnetz.de>
To: P J P <ppandit@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
Cc: Qinghao Tang <luodalongde@gmail.com>,
Jason Wang <jasowang@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same command block
Date: Fri, 16 Oct 2015 23:37:30 +0200
Message-ID: <56216E1A.30609@weilnetz.de>
In-Reply-To: <alpine.LFD.2.20.1510162247310.4332@wniryva>
On 16.10.2015 at 19:19, P J P wrote:
> +-- On Fri, 16 Oct 2015, Paolo Bonzini wrote --+
> | > + if (s->tx.link == s->cu_offset)
> | > + break;
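Review bot: the condition 's->tx.link == s->cu_offset' only covers the case the commit message names, a command block whose link is the same as the previous one; a list in which two or more blocks link to each other in a cycle would pass this check and keep the loop running. Consider bounding the number of command blocks handled per invocation, in addition to or instead of this comparison, and add a comment at the check stating which case it is meant to stop.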
> |
> | Please update the patch to conform to QEMU's coding standards; braces
> | are required even around single-statement blocks.
>
> Done. Please see an updated patch below.
>
> ===
> From bbf7b8914a984b09242e1cafc258bd71cecc47c8 Mon Sep 17 00:00:00 2001
> From: Prasad J Pandit <pjp@fedoraproject.org>
> Date: Fri, 16 Oct 2015 22:43:29 +0530
> Subject: eepro100: prevent an infinite loop over same command block
>
> action_command() routine executes a chain of commands located
> in the Command Block List(CBL). Each Command Block(CB) has a
> link to the next CB in the list, given by 's->tx.link'.
> This is used in conjunction with the base address 's->cu_base'.
>
> An infinite loop unfolds if the 'link' to the next CB is
> same as the previous one, the loop ends up executing the same
> command over and over again.
>
> Reported-by: Qinghao Tang <luodalongde@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/net/eepro100.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Hi,

is this just a theoretical assumption or did you see problems
with some guest operating system?

To trigger a potential infinite loop, you'll need buggy device
drivers in the guest.

I just had a look at the Intel developer manual
(http://www.intel.com/content/dam/doc/manual/8255x-10-100-mbps-ethernet-controller-software-dev-manual.pdf).
The command block list (CBL) description is in chapter 6.4
of that manual. I did not find a hint that there is a break
condition like the one introduced by your patch.

Maybe real hardware will run an endless loop?
Or the "endless" loop is terminated because the driver
changes the link while the loop is running?

The goal of eepro100.c should be emulation of the
real hardware, even of a potential design weakness.

Regards
Stefan W.