qemu-devel.nongnu.org archive mirror
From: Peter Maydell <peter.maydell@linaro.org>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	QEMU Developers <qemu-devel@nongnu.org>,
	Patch Tracking <patches@linaro.org>
Subject: Re: [Qemu-devel] [PATCH v3 7/7] hw/net/stellaris_enet: Convert to vmstate
Date: Tue, 6 May 2014 13:06:51 +0100
Message-ID: <CAFEAcA8Qs6sweZHPa09DuHOD7RM_R+WPF1pQoTkgCGxdYEOcZw@mail.gmail.com>
In-Reply-To: <20140506115309.GB27709@work-vm>

On 6 May 2014 12:53, Dr. David Alan Gilbert <dgilbert@redhat.com> wrote:
> * Peter Maydell (peter.maydell@linaro.org) wrote:
>> +{
>> +    stellaris_enet_state *s = opaque;
>> +    int i;
>> +
>> +    /* Sanitize inbound state. Note that next_packet is an index but
>> +     * np is a size; hence their valid upper bounds differ.
>> +     */
>> +    if (s->next_packet >= ARRAY_SIZE(s->rx)) {
>> +        return -1;
>> +    }
>> +
>> +    if (s->np > ARRAY_SIZE(s->rx)) {
>> +        return -1;
>> +    }
>> +
>> +    for (i = 0; i < ARRAY_SIZE(s->rx); i++) {
>> +        if (s->rx[i].len > ARRAY_SIZE(s->rx[i].data)) {
>> +            return -1;
>> +        }
>> +    }
>> +
>> +    if (s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) + 4) {
>> +        return -1;
>> +    }
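
Review bot: The rx_fifo_offset check that closes this part of the function has an upper bound that is too loose. `s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) + 4` accepts offsets at and past the end of data, while the DATA read discussed in this thread takes 4 bytes starting at data + rx_fifo_offset. Suggest `if (s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) - 4)`, which also keeps arithmetic off the inbound value, and extend the comment at the top of the function to say why this bound is the array size minus 4, since it currently explains only next_packet and np.
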
>
> Can you explain that +4 ?
> I think I can see how it would end up equalling ARRAY_SIZE if
> you've just read the last 4 bytes, but how does it go beyond?

Whoops, I think this should be - 4, not + 4 (I think I
messed up when I rearranged this from "offset + 4 > ARRAY_SIZE"
to avoid the potential overflow in that expression.)
The DATA read code is going to read from the 4 bytes starting
at s->rx[s->next_packet].data + s->rx_fifo_offset, so
we need to make sure the offset doesn't allow that to
overrun. (When we read the last 4 bytes then
the rx_fifo_offset is reset to zero immediately, so at
migration it's never possible for it to be equal to
ARRAY_SIZE).

>> +
>> +    if (s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)) {
>> +        return -1;
>> +    }
>> +
>> +    return 0;
>> +}
>> +
>> +static const VMStateDescription vmstate_stellaris_enet = {
>> +    .name = "stellaris_enet",
>> +    .version_id = 2,
>> +    .minimum_version_id = 2,
>> +    .minimum_version_id_old = 2,
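
Review bot: In the VMStateDescription, .version_id and .minimum_version_id are both 2, so an incoming stream carrying any lower version of the "stellaris_enet" section is refused rather than converted. If that compatibility break is intended, say so in the commit message or in a comment next to the version fields. In the check just above, `s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)` allows tx_fifo_len equal to the array size; a short comment that it is a length rather than an index would match the index/size note at the top of the function.
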
>
> Weren't we killing off the minimum_version_id_old's ?

Yes, but we can't til the patch making it optional
hits master (it is in the current migration pullreq,
so if that goes in OK I'll just delete the _old line.)

thanks
-- PMM
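
The bound discussed in this message, as an added example that is not part of the original e-mail or of the QEMU patch: it compares the posted "+ 4" check, the "offset + 4 > ARRAY_SIZE" form that can wrap, and the "- 4" form against a reference that cannot overflow. The 2048-byte buffer size, the 32-bit offset type and all function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RX_DATA_SIZE 2048u /* assumed buffer size, not taken from the thread */
#define READ_WIDTH   4u    /* the DATA read consumes 4 bytes at the offset */

/* The check as posted: accepts offsets up to RX_DATA_SIZE + 4. */
static bool offset_ok_posted(uint32_t off)
{
    return !(off > RX_DATA_SIZE + READ_WIDTH);
}

/* "offset + 4 > ARRAY_SIZE": right for small values, but off + 4 wraps
 * in 32-bit arithmetic, so a huge inbound offset is accepted. */
static bool offset_ok_wrapping(uint32_t off)
{
    return !(off + READ_WIDTH > RX_DATA_SIZE);
}

/* The "- 4" form: no arithmetic is performed on the inbound value. */
static bool offset_ok_fixed(uint32_t off)
{
    return !(off > RX_DATA_SIZE - READ_WIDTH);
}

/* Reference: does a 4-byte read starting at off stay inside the buffer?
 * Computed in 64 bits so the reference itself cannot wrap. */
static bool read_in_bounds(uint32_t off)
{
    return (uint64_t)off + READ_WIDTH <= RX_DATA_SIZE;
}

int main(void)
{
    /* Constructed sample offsets, as they might arrive in a migration stream. */
    const uint32_t samples[] = { 0, 2044, 2045, 2048, 2052, UINT32_MAX - 3 };
    size_t i;

    printf("%10s %7s %9s %6s %10s\n", "offset", "posted", "wrapping", "fixed", "in-bounds");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t off = samples[i];
        printf("%10lu %7d %9d %6d %10d\n", (unsigned long)off,
               offset_ok_posted(off), offset_ok_wrapping(off),
               offset_ok_fixed(off), read_in_bounds(off));
    }
    return 0;
}
```

Only the "- 4" column agrees with the in-bounds reference on every row.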
