From: Jason Wang <jasowang@redhat.com>
To: P J P <ppandit@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
Cc: Qinghao Tang <luodalongde@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same command block
Date: Tue, 20 Oct 2015 11:02:56 +0800 [thread overview]
Message-ID: <5625AEE0.7070908@redhat.com> (raw)
In-Reply-To: <alpine.LFD.2.20.1510162247310.4332@wniryva>
On 10/17/2015 01:19 AM, P J P wrote:
> +-- On Fri, 16 Oct 2015, Paolo Bonzini wrote --+
> | > + if (s->tx.link == s->cu_offset)
> | > + break;
> |
> | Please update the patch to conform to QEMU's coding standards; braces
> | are required even around single-statement blocks.
>
> Done. Please see an updated patch below.
>
> ===
> From bbf7b8914a984b09242e1cafc258bd71cecc47c8 Mon Sep 17 00:00:00 2001
> From: Prasad J Pandit <pjp@fedoraproject.org>
> Date: Fri, 16 Oct 2015 22:43:29 +0530
> Subject: eepro100: prevent an infinite loop over same command block
>
> action_command() routine executes a chain of commands located
> in the Command Block List(CBL). Each Command Block(CB) has a
> link to the next CB in the list, given by 's->tx.link'.
> This is used in conjunction with the base address 's->cu_base'.
>
> An infinite loop unfolds if the 'link' to the next CB is
> same as the previous one, the loop ends up executing the same
> command over and over again.
>
> Reported-by: Qinghao Tang <luodalongde@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/net/eepro100.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
> index 60333b7..0e4ad4e 100644
> --- a/hw/net/eepro100.c
> +++ b/hw/net/eepro100.c
> @@ -863,6 +863,9 @@ static void action_command(EEPRO100State *s)
> uint16_t ok_status = STATUS_OK;
> s->cb_address = s->cu_base + s->cu_offset;
> read_cb(s);
> + if (s->tx.link == s->cu_offset) {
> + break;
> + }
> bit_el = ((s->tx.command & COMMAND_EL) != 0);
> bit_s = ((s->tx.command & COMMAND_S) != 0);
> bit_i = ((s->tx.command & COMMAND_I) != 0);
Can this survive if we had a chain like?
A->B->A
If not, looks like we need to limit the maximum number of commands in a
chain? (e.g 256)
next prev parent reply other threads:[~2015-10-20 3:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-16 11:12 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same command block P J P
2015-10-16 12:41 ` Paolo Bonzini
2015-10-16 17:19 ` P J P
2015-10-16 21:37 ` Stefan Weil
2015-10-17 11:25 ` P J P
2015-10-17 11:35 ` Peter Maydell
2015-10-20 3:04 ` Jason Wang
2015-10-20 3:10 ` max
2015-10-20 3:02 ` Jason Wang [this message]
2015-11-03 18:49 ` P J P
2015-11-04 3:31 ` Jason Wang
2015-11-20 2:43 ` Qinghao Tang
2015-11-20 6:10 ` P J P
2015-11-20 6:29 ` Qinghao Tang
2015-11-20 7:23 ` P J P
2015-11-20 7:47 ` Stefan Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5625AEE0.7070908@redhat.com \
--to=jasowang@redhat.com \
--cc=luodalongde@gmail.com \
--cc=pbonzini@redhat.com \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.