On 02/24/2016 05:25 PM, yanghongke wrote: > Good day to you! > > After my test, I find that the issue is fixed with this patch. > When receiving packet, ne2000_buffer_full return 1, ne2000_receive > immediately return -1,so it avoid infinite loop or OOB r/w access issues.
Thanks for the testing. (Btw please use bottom posting on the list). Apply the patch with your "Tested-by". > -----邮件原件----- > 发件人: Jason Wang [mailto:jasow...@redhat.com] > 发送时间: 2016年2月24日 16:13 > 收件人: P J P; Qemu Developers > 抄送: yanghongke; Prasad J Pandit > 主题: Re: [PATCH v2] net: ne2000: check ring buffer control registers > > > > On 02/24/2016 02:11 PM, P J P wrote: >> From: Prasad J Pandit <p...@fedoraproject.org> >> >> Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process >> network packets. Registers PSTART & PSTOP define ring buffer size & >> location. Setting these registers to invalid values could lead to >> infinite loop or OOB r/w access issues. Add check to avoid it. >> >> Reported-by: Yang Hongke <yanghon...@huawei.com> >> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> >> --- >> hw/net/ne2000.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> Update per review: >> -> >> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html >> >> diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c index b032212..ced4666 >> 100644 >> --- a/hw/net/ne2000.c >> +++ b/hw/net/ne2000.c >> @@ -154,6 +154,10 @@ static int ne2000_buffer_full(NE2000State *s) { >> int avail, index, boundary; >> >> + if (s->stop <= s->start) { >> + return 1; >> + } >> + >> index = s->curpag << 8; >> boundary = s->boundary << 8; >> if (index < boundary) > Hongke, would you mind to test this patch to see if it fixes your issue and > add a "Tested-by" tag? > > Thanks