On Tue, Sep 01, 2015 at 11:26:44AM -0400, Vladislav Yasevich wrote: > When rtl8139 card is running in standard mode, it is very easy > to overlflow and the receive buffer and get into a siutation > where all packets are dropped. Simply reproduction case is > to ping the guest from the host with 6500 byte packets. > > There are actually 2 problems here. > 1) When the rtl8129 buffer is overflow, the card emulation > returns the size of the packet back to queue transmission. > This signals successful reception even though the packet > has been dropped. The proper solution is to return 0, so > that the packet is re-queued and will be resubmitted later. > > 2) The RxBuffAddr pointer used to track where packet is to be written > is aligned on a 4 byte boundary thus potentially adding some padding > between packets. This padding is ignored when checking for overflow > condition. It is possible to craft the packet such that we would > fail to detect an overflow and trigger buffer overwrite. Adding > padding to the overflow check resolves this issues. > > V4: As Jason Wang correctly pointed out, the overflow check should > catch this. The reason it wasn't catching was that it was ignorring > the padding that may exist between each packet. Adding the padding > to the overflow check resolved the issue. This becomes a much > simpler fix. > > V3: Fix the second patch to correctly track unread and available buffer > speace. Prior version used calculation for availble space to track > unread space which was wrong. > > V2: instead of tracking buffer_full condition, changed the code, as > suggested by Stefan Hajnoczi, to track the number of unread bytes > instead. We initialize it to 0 at the start, adjust it on every > receive from the network and read from the guest and can set > the number of unread of bytes to full buffer size when the buffer > full. > > Vladislav Yasevich (2): > rtl8139: Fix receive buffer overflow check > rtl8139: Do not consume the packet during overflow in standard mode. > > hw/net/rtl8139.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > -- > 1.9.3 >
Thanks, applied to my net tree: https://github.com/stefanha/qemu/commits/net Stefan