From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50933)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1XrMxG-0007D4-Hg
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 03:19:12 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1XrMxA-0002YY-Cn
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 03:19:06 -0500
Received: from szxga03-in.huawei.com ([119.145.14.66]:35644)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1XrMx9-0002Xt-Lo
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 03:19:00 -0500
Message-ID: <546DA3DF.5080809@huawei.com>
Date: Thu, 20 Nov 2014 16:18:39 +0800
From: Gonglei <arei.gonglei@huawei.com>
MIME-Version: 1.0
References: <1416463034-8264-1-git-send-email-arei.gonglei@huawei.com>
	<1416463034-8264-5-git-send-email-arei.gonglei@huawei.com>
	<546D8A48.8040502@redhat.com> <546D905A.5020306@redhat.com>
	<546D9449.5020107@huawei.com> <546D9D50.4000500@redhat.com>
	<546DA0B5.3020705@huawei.com> <546DA23A.9040807@redhat.com>
In-Reply-To: <546DA23A.9040807@redhat.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 4/4] rtl8139: fix Pointer to local outside
 scope
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jason Wang <jasowang@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, "stefanha@redhat.com" <stefanha@redhat.com>, "Huangpeng (Peter)" <peter.huangpeng@huawei.com>

On 2014/11/20 16:11, Jason Wang wrote:

> On 11/20/2014 04:05 PM, Gonglei wrote:
>> On 2014/11/20 15:50, Jason Wang wrote:
>>
>>>>> Maybe just initialize iov unconditionally at the beginning and check
>>>>>>> dot1q_buf instead of iov for the rest of the functions. (Need deal with
>>>>>>> size < ETHER_ADDR_LEN * 2)
>>>>> More complicated, because we can't initialize iov when
>>>>>  "size < ETHER_ADDR_LEN * 2".
>>>>>
>>>>> Best regards,
>>>>> -Gonglei
>>>>>
>>> Probably not: you can just do something like:
>>>
>>>     if (dot1q_buf && size < ETHER_ADDR_LEN * 2) {
>>>         dot1q_buf = NULL;
>>>     }
>>>
>>> and check dot1q_buf afterwards. Or just drop the packet since its size
>>> was less than mininum frame length that Ethernet allows.
>> Sorry, I don't understand. But,
>> what's your meaning "initialize iov unconditionally at the beginning"?
> 
> Something like:
> 
> @@ -1774,7 +1774,12 @@ static uint32_t
> rtl8139_RxConfig_read(RTL8139State *s)
>  static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>      int do_interrupt, const uint8_t *dot1q_buf)
>  {
> -    struct iovec *iov = NULL;
> +    struct iovec iov[3] = {
> +        { .iov_base = buf, .iov_len = ETHER_ADDR_LEN * 2 },
> +        { .iov_base = (void *) dot1q_buf, .iov_len = VLAN_HLEN },
> +        { .iov_base = buf + ETHER_ADDR_LEN * 2,
> +          .iov_len = size - ETHER_ADDR_LEN * 2 },
> +    };
> 
> and assign dot1q_buf to NULL is size is not ok.
> 

If "size <  ETHER_ADDR_LEN * 2", .iov_len = size - ETHER_ADDR_LEN * 2 will be
negative value;
and if dot1q_buf is NULL, .iov_base = (void *) dot1q_buf will be NULL too. Any side-effect?

> Just a suggestion, your call.

Thanks, Jason :)

Best regards,
-Gonglei