53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From 94087c0cbe014b4a60d96930d7cb43d54a05c701 Mon Sep 17 00:00:00 2001
|
|
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
Date: Thu, 22 Sep 2016 16:02:37 +0530
|
|
Subject: [PATCH 6/7] net: mcf: limit buffer descriptor count
|
|
|
|
ColdFire Fast Ethernet Controller uses buffer descriptors to manage
|
|
data flow to/fro receive & transmit queues. While transmitting
|
|
packets, it could continue to read buffer descriptors if a buffer
|
|
descriptor has length of zero and has crafted values in bd.flags.
|
|
Set upper limit to number of buffer descriptors.
|
|
|
|
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
|
---
|
|
hw/net/mcf_fec.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
|
|
index 0ee8ad9..d31fea1 100644
|
|
--- a/hw/net/mcf_fec.c
|
|
+++ b/hw/net/mcf_fec.c
|
|
@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
|
|
#define DPRINTF(fmt, ...) do {} while(0)
|
|
#endif
|
|
|
|
+#define FEC_MAX_DESC 1024
|
|
#define FEC_MAX_FRAME_SIZE 2032
|
|
|
|
typedef struct {
|
|
@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
|
uint32_t addr;
|
|
mcf_fec_bd bd;
|
|
int frame_size;
|
|
- int len;
|
|
+ int len, descnt = 0;
|
|
uint8_t frame[FEC_MAX_FRAME_SIZE];
|
|
uint8_t *ptr;
|
|
|
|
@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
|
ptr = frame;
|
|
frame_size = 0;
|
|
addr = s->tx_descriptor;
|
|
- while (1) {
|
|
+ while (descnt++ < FEC_MAX_DESC) {
|
|
mcf_fec_read_bd(&bd, addr);
|
|
DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
|
|
addr, bd.flags, bd.length, bd.data);
|
|
--
|
|
2.1.4
|
|
|