Good day to you! After my test, I find that the issue is fixed with this patch. When receiving packet, ne2000_buffer_full return 1, ne2000_receive immediately return -1,so it avoid infinite loop or OOB r/w access issues.
-----邮件原件----- 发件人: Jason Wang [mailto:jasow...@redhat.com] 发送时间: 2016年2月24日 16:13 收件人: P J P; Qemu Developers 抄送: yanghongke; Prasad J Pandit 主题: Re: [PATCH v2] net: ne2000: check ring buffer control registers On 02/24/2016 02:11 PM, P J P wrote: > From: Prasad J Pandit <p...@fedoraproject.org> > > Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process > network packets. Registers PSTART & PSTOP define ring buffer size & > location. Setting these registers to invalid values could lead to > infinite loop or OOB r/w access issues. Add check to avoid it. > > Reported-by: Yang Hongke <yanghon...@huawei.com> > Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> > --- > hw/net/ne2000.c | 4 ++++ > 1 file changed, 4 insertions(+) > > Update per review: > -> > https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html > > diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c index b032212..ced4666 > 100644 > --- a/hw/net/ne2000.c > +++ b/hw/net/ne2000.c > @@ -154,6 +154,10 @@ static int ne2000_buffer_full(NE2000State *s) { > int avail, index, boundary; > > + if (s->stop <= s->start) { > + return 1; > + } > + > index = s->curpag << 8; > boundary = s->boundary << 8; > if (index < boundary) Hongke, would you mind to test this patch to see if it fixes your issue and add a "Tested-by" tag? Thanks