From: Anthony Liguori <anthony@codemonkey.ws>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>,
qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH][STABLE] Musicpal: Fix descriptor walk in eth_send
Date: Tue, 26 Jan 2010 16:21:21 -0600 [thread overview]
Message-ID: <4B5F6AE1.8060502@codemonkey.ws> (raw)
In-Reply-To: <4B5C0A25.40202@web.de>
On 01/24/2010 02:51 AM, Jan Kiszka wrote:
> Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
> manipulates the host's tx descriptor copy before writing it back, but
> two lines down the descriptor is evaluated again, leaving us with an
> invalid next address if host and guest endianness differ. So this was
> the actual issue commit 2e87c5b937 tried to paper over.
>
> Signed-off-by: Jan Kiszka<jan.kiszka@web.de>
>
Applied to stable. Thanks.
Regards,
Anthony Liguori
> ---
> hw/musicpal.c | 7 +++----
> 1 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/hw/musicpal.c b/hw/musicpal.c
> index e424a7d..b8af15e 100644
> --- a/hw/musicpal.c
> +++ b/hw/musicpal.c
> @@ -238,14 +238,13 @@ static void eth_send(mv88w8618_eth_state *s, int queue_index)
> {
> uint32_t desc_addr = s->tx_queue[queue_index];
> mv88w8618_tx_desc desc;
> + uint32_t next_desc;
> uint8_t buf[2048];
> int len;
>
> - if (!desc_addr) {
> - return;
> - }
> do {
> eth_tx_desc_get(desc_addr,&desc);
> + next_desc = desc.next;
> if (desc.cmdstat& MP_ETH_TX_OWN) {
> len = desc.bytes;
> if (len< 2048) {
> @@ -256,7 +255,7 @@ static void eth_send(mv88w8618_eth_state *s, int queue_index)
> s->icr |= 1<< (MP_ETH_IRQ_TXLO_BIT - queue_index);
> eth_tx_desc_put(desc_addr,&desc);
> }
> - desc_addr = desc.next;
> + desc_addr = next_desc;
> } while (desc_addr != s->tx_queue[queue_index]);
> }
>
>
prev parent reply other threads:[~2010-01-26 22:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-24 8:51 [Qemu-devel] [PATCH][STABLE] Musicpal: Fix descriptor walk in eth_send Jan Kiszka
2010-01-24 13:59 ` [Qemu-devel] " malc
2010-01-26 22:21 ` Anthony Liguori [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B5F6AE1.8060502@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=aliguori@us.ibm.com \
--cc=jan.kiszka@web.de \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).