On 2020/3/23 11:43 AM, Jason Wang wrote:

On 2020/3/20 1:40 AM, P J P wrote:
From: Prasad J Pandit <p...@fedoraproject.org>

Hello,

* This series adds checks to avoid potential OOB access and infinite loop
   issues while processing rx/tx data.

* Tulip tx descriptors are capped at 128 to avoid infinite loop in
   tulip_xmit_list_update(), wrt Tulip kernel driver
   -> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/dec/tulip/tulip.h#n319

* Update v3: add .can_receive routine
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg06275.html

* Update v4: flush queued packets once they are received
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg05868.html

* Update v5: fixed a typo in patch commit message
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06209.html

Thank you.


Looks good to me.

Qiang, any chance to give a test with your reproducer?

Thanks


Ok, I get this:

hw/net/tulip.c:305:20: error: initialization of ‘_Bool (*)(NetClientState *)’ {aka ‘_Bool (*)(struct NetClientState *)’} from incompatible pointer type ‘int (*)(NetClientState *)’ {aka ‘int (*)(struct NetClientState *)’} [-Werror=incompatible-pointer-types]
     .can_receive = tulip_can_receive,
                    ^~~~~~~~~~~~~~~~~

Prasad, please fix this and post a new version.

While at it, I prefer to squash patch 3 into patch 2 since patch 3 fixes the issue introduced by patch 2.

Thanks




--
Prasad J Pandit (3):
   net: tulip: check frame size and r/w data length
   net: tulip: add .can_receive routine
   net: tulip: flush queued packets post receive

  hw/net/tulip.c | 51 +++++++++++++++++++++++++++++++++++++++++---------
  1 file changed, 42 insertions(+), 9 deletions(-)

--
2.25.1



