On Wed, Nov 15, 2006 at 03:38:27PM +1100, herbert wrote: > > CP_TX_BUFFER_SIZE is already 64K. So it seems to me that we don't need > the while loop to extend the buffer at all since no transmitted packet > should be anywhere near this size. > > Are there any objections to getting rid of the following while loop > altogether and replacing it with a straight failure?
Since I haven't heard any objections, here is a patch to do just that. [QEMU] rtl8139: Disallow chaining above 64K As it stands the 8139C+ TX chaining is only bounded by realloc failure. This is contrary to how the real hardware operates. It also has DoS potential when ioemu runs in dom0. This patch makes any attempt to chain a frame beyond 64K fail immediately. Signed-off-by: Herbert Xu <[EMAIL PROTECTED]> Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- diff -r 5f7b5e5ca14b tools/ioemu/hw/rtl8139.c --- a/tools/ioemu/hw/rtl8139.c Thu Nov 16 17:07:23 2006 +0000 +++ b/tools/ioemu/hw/rtl8139.c Fri Nov 17 11:24:34 2006 +1100 @@ -1999,12 +1999,12 @@ static int rtl8139_cplus_transmit_one(RT DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len)); } - while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len) - { - s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE; - s->cplus_txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len); - - DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len)); + if (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len) + { + free(s->cplus_txbuffer); + s->cplus_txbuffer = NULL; + + DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space exceeded: %d\n", s->cplus_txbuffer_offset + txsize)); } if (!s->cplus_txbuffer) _______________________________________________ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
