debuggers.hg

view tools/ioemu/patches/rtl8139-bound-chaining @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
parents
children
line source
1 # HG changeset patch
2 # User kfraser@localhost.localdomain
3 # Node ID 075f4ffdbbce5527ba525a515abe320703d17a0e
4 # Parent 51edd3c6a4d861db6ce1c9a02251ed49213c3002
5 [QEMU] rtl8139: Disallow chaining above 64K
7 As it stands the 8139C+ TX chaining is only bounded by realloc failure.
8 This is contrary to how the real hardware operates. It also has DoS
9 potential when ioemu runs in dom0.
11 This patch makes any attempt to chain a frame beyond 64K fail
12 immediately.
14 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
16 Index: ioemu/hw/rtl8139.c
17 ===================================================================
18 --- ioemu.orig/hw/rtl8139.c 2007-05-03 20:36:50.000000000 +0100
19 +++ ioemu/hw/rtl8139.c 2007-05-03 20:39:45.000000000 +0100
20 @@ -1999,12 +1999,12 @@
21 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len));
22 }
24 - while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
25 + if (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
26 {
27 - s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
28 - s->cplus_txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
29 + free(s->cplus_txbuffer);
30 + s->cplus_txbuffer = NULL;
32 - DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len));
33 + DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space exceeded: %d\n", s->cplus_txbuffer_offset + txsize));
34 }
36 if (!s->cplus_txbuffer)