* [Qemu-devel] PATCH: mcf_fec.c sends packet with incorrect length
@ 2009-09-09 3:16 Till Straumann
0 siblings, 0 replies; only message in thread
From: Till Straumann @ 2009-09-09 3:16 UTC (permalink / raw)
To: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 623 bytes --]
mcf_fec passes the length stored in the last BD's 'length' member instead
of the full frame size to 'qemu_send_packet'.
The first hunk of the attached patch fixes this.
The patch also includes dummy-read + writes for the MIB counters
so that qemu doesn't crash if these counters are accessed
(the counters themselves are not implemented, however. Sorry.)
Finally, the patch also raises a MII interrupt when writing MMFR
but again, MII itself is not implemented. Raising an interrupt
at least lets drivers proceed who wait for an IRQ.
Please CC me for any comments - I'm not on the qemu list.
Thanks for qemu.
-- Till
[-- Attachment #2: mcf_fec.c.diff --]
[-- Type: text/x-patch, Size: 3050 bytes --]
*** qemu-0.11.0-rc1.orig/hw/mcf_fec.c 2009-07-29 19:38:19.000000000 -0500
--- qemu-0.11.0-rc1/hw/mcf_fec.c 2009-09-08 21:55:24.000000000 -0500
***************
*** 11,17 ****
/* For crc32 */
#include <zlib.h>
! //#define DEBUG_FEC 1
#ifdef DEBUG_FEC
#define DPRINTF(fmt, ...) \
--- 11,17 ----
/* For crc32 */
#include <zlib.h>
! #define DEBUG_FEC 1
#ifdef DEBUG_FEC
#define DPRINTF(fmt, ...) \
***************
*** 172,178 ****
if (bd.flags & FEC_BD_L) {
/* Last buffer in frame. */
DPRINTF("Sending packet\n");
! qemu_send_packet(s->vc, frame, len);
ptr = frame;
frame_size = 0;
s->eir |= FEC_INT_TXF;
--- 172,178 ----
if (bd.flags & FEC_BD_L) {
/* Last buffer in frame. */
DPRINTF("Sending packet\n");
! qemu_send_packet(s->vc, frame, frame_size);
ptr = frame;
frame_size = 0;
s->eir |= FEC_INT_TXF;
***************
*** 217,223 ****
static uint32_t mcf_fec_read(void *opaque, target_phys_addr_t addr)
{
mcf_fec_state *s = (mcf_fec_state *)opaque;
! switch (addr & 0x3ff) {
case 0x004: return s->eir;
case 0x008: return s->eimr;
case 0x010: return s->rx_enabled ? (1 << 24) : 0; /* RDAR */
--- 217,224 ----
static uint32_t mcf_fec_read(void *opaque, target_phys_addr_t addr)
{
mcf_fec_state *s = (mcf_fec_state *)opaque;
! addr &= 0x3ff;
! switch (addr) {
case 0x004: return s->eir;
case 0x008: return s->eimr;
case 0x010: return s->rx_enabled ? (1 << 24) : 0; /* RDAR */
***************
*** 246,251 ****
--- 247,254 ----
case 0x184: return s->etdsr;
case 0x188: return s->emrbr;
default:
+ if ( addr >= 0x200 && addr < 0x2e4 )
+ return 0xdeadbeef; /* FIXME: MIB counters not implemented */
hw_error("mcf_fec_read: Bad address 0x%x\n", (int)addr);
return 0;
}
***************
*** 254,260 ****
static void mcf_fec_write(void *opaque, target_phys_addr_t addr, uint32_t value)
{
mcf_fec_state *s = (mcf_fec_state *)opaque;
! switch (addr & 0x3ff) {
case 0x004:
s->eir &= ~value;
break;
--- 257,264 ----
static void mcf_fec_write(void *opaque, target_phys_addr_t addr, uint32_t value)
{
mcf_fec_state *s = (mcf_fec_state *)opaque;
! addr &= 0x3ff;
! switch (addr) {
case 0x004:
s->eir &= ~value;
break;
***************
*** 285,290 ****
--- 289,295 ----
case 0x040:
/* TODO: Implement MII. */
s->mmfr = value;
+ s->eir |= FEC_INT_MII;
break;
case 0x044:
s->mscr = value & 0xfe;
***************
*** 342,347 ****
--- 347,354 ----
s->emrbr = value & 0x7f0;
break;
default:
+ if ( addr >= 0x200 && addr < 0x2e4 )
+ return; /* FIXME: MIB counters not implemented */
hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
}
mcf_fec_update(s);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-09-09 3:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-09-09 3:16 [Qemu-devel] PATCH: mcf_fec.c sends packet with incorrect length Till Straumann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).