From: Vlad Yasevich <vyasevic@redhat.com>
To: Jason Wang <jasowang@redhat.com>, qemu-devel@nongnu.org
Cc: stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3 2/2] rtl8139: correctly track full receive buffer in standard mode
Date: Mon, 31 Aug 2015 10:24:14 -0400 [thread overview]
Message-ID: <55E4638E.3090404@redhat.com> (raw)
In-Reply-To: <55E4256F.9010302@redhat.com>
On 08/31/2015 05:59 AM, Jason Wang wrote:
>
>
> On 08/28/2015 10:06 PM, Vladislav Yasevich wrote:
>> In standard operation mode, when the receive ring buffer
>> is full, the buffer actually appears empty to the driver since
>> the RxBufAddr (the location we wirte new data to) and RxBufPtr
>> (the location guest would stat reading from) are the same.
>> As a result, the call to rtl8139_RxBufferEmpty ends up
>> returning true indicating that the receive buffer is empty.
>> This would result in the next packet overwriting the recevie buffer
>> again and stalling receive operations.
>>
>> This patch tracks the number of unread bytes in the rxbuffer
>> using an unused C+ register. On every read and write, the
>> number is adjsted and the special case of a full buffer is also
>> trapped.
>>
>> The C+ register trick is used to simplify migration and not require
>> a new machine type. This register is not used in regular mode
>> and C+ mode doesn't have the same issue.
>>
>> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
>> ---
>> hw/net/rtl8139.c | 45 +++++++++++++++++++++++++++++++++++++++++----
>> 1 file changed, 41 insertions(+), 4 deletions(-)
>
> I'm not sure this can happen. For example, looks like the following
> check in rtl8139_do_receive():
>
> if (avail != 0 && size + 8 >= avail)
> {
>
> can guarantee there's no overwriting?
>
The problem is the calculation of avail. When the buffer is full,
avail will be the the size of the receive buffer. So the test
above will be false because the driver thinks there is actually
enough room.
With his patch, 'avail' will be calculated to 0.
-vlad
next prev parent reply other threads:[~2015-08-31 14:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-28 14:06 [Qemu-devel] [PATCH v3 0/2] rtl8139: Fix buffer overflow in standard mode Vladislav Yasevich
2015-08-28 14:06 ` [Qemu-devel] [PATCH v3 1/2] rtl8139: Do not consume the packet during " Vladislav Yasevich
2015-08-28 14:06 ` [Qemu-devel] [PATCH v3 2/2] rtl8139: correctly track full receive buffer " Vladislav Yasevich
2015-08-31 9:59 ` Jason Wang
2015-08-31 14:24 ` Vlad Yasevich [this message]
2015-09-01 3:15 ` Jason Wang
2015-09-01 11:29 ` Vlad Yasevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55E4638E.3090404@redhat.com \
--to=vyasevic@redhat.com \
--cc=jasowang@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).