[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH][STABLE] Musicpal: Fix descriptor walk in eth_send
From: |
Jan Kiszka |
Subject: |
[Qemu-devel] [PATCH][STABLE] Musicpal: Fix descriptor walk in eth_send |
Date: |
Sun, 24 Jan 2010 09:51:49 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 |
Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
manipulates the host's tx descriptor copy before writing it back, but
two lines down the descriptor is evaluated again, leaving us with an
invalid next address if host and guest endianness differ. So this was
the actual issue commit 2e87c5b937 tried to paper over.
Signed-off-by: Jan Kiszka <address@hidden>
---
hw/musicpal.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/musicpal.c b/hw/musicpal.c
index e424a7d..b8af15e 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -238,14 +238,13 @@ static void eth_send(mv88w8618_eth_state *s, int
queue_index)
{
uint32_t desc_addr = s->tx_queue[queue_index];
mv88w8618_tx_desc desc;
+ uint32_t next_desc;
uint8_t buf[2048];
int len;
- if (!desc_addr) {
- return;
- }
do {
eth_tx_desc_get(desc_addr, &desc);
+ next_desc = desc.next;
if (desc.cmdstat & MP_ETH_TX_OWN) {
len = desc.bytes;
if (len < 2048) {
@@ -256,7 +255,7 @@ static void eth_send(mv88w8618_eth_state *s, int
queue_index)
s->icr |= 1 << (MP_ETH_IRQ_TXLO_BIT - queue_index);
eth_tx_desc_put(desc_addr, &desc);
}
- desc_addr = desc.next;
+ desc_addr = next_desc;
} while (desc_addr != s->tx_queue[queue_index]);
}
--
1.6.0.2
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH][STABLE] Musicpal: Fix descriptor walk in eth_send,
Jan Kiszka <=