[Qemu-devel] [PATCH v3 0/7] stellaris_enet: overhaul tx/rx, convert to v
From: Peter Maydell
Subject: [Qemu-devel] [PATCH v3 0/7] stellaris_enet: overhaul tx/rx, convert to vmstate
Date: Mon, 28 Apr 2014 13:39:23 +0100

This patchset overhauls the stellaris_enet TX and RX handling code,
and converts it to use vmstate.

The principal motivation is to fix the buffer overrun noted
in the first patch, and to reimplement things using simpler
state fields which are easier to migrate and to validate in
post_load. I also fixed a couple of other bugs I noticed while
I was there.

This isn't actually sufficient to get my test image to work:
that needs proper implementation of the MII registers in the PHY.
I tested this with a minor hack to make all MII registers return
0x24, which happens to satisfy the test image's setup code.
However implementing the PHY registers is more work than I want
to do on this device right now...

Although patch 7 fixes a CVE (code is exploitable by malicious
incoming migration state), I haven't cc'd stable on it;
this is because:
 * migration doesn't work on the stellaris board anyway
   because not all the board's devices support it, so nobody
   will be using it
 * there are many lurking problems with most of our more-or-less
   unmaintained boards, so nobody IMHO should be treating
   guest-to-host as a security boundary for those boards

I think patch 7 is the only one still needing review.

thanks
-- PMM

Changes v2->v3:
 * don't bother updating vmstate version in intermediate patches
 * use uint32_t rather than int32_t for rx_fifo_offset, next_packet,
   tx_fifo_len and rx[].len
 * check tx_fifo_len range in post-load
 * tweak rx_fifo_offset post-load check to avoid possible overflow
   in addition
 * fixed ordering of next_packet/rx_fifo_offset in vmstate to
   match the stellaris_enet_state structure

Changes v1->v2:
 * only transmit when 1 is written to TR, not on any write
 * new patches to get rid of rx_fifo, rx_fifo_len
 * vmstate conversion (includes migration sanitizing code)

Peter Maydell (7):
  hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer
    overrun
  hw/net/stellaris_enet: Correct handling of packet padding
  hw/net/stellaris_enet: Rewrite tx fifo handling code
  hw/net/stellaris_enet: Correctly implement the TR and THR registers
  hw/net/stellaris_enet: Fix debug format strings
  hw/net/stellaris_enet: Get rid of rx_fifo pointer
  hw/net/stellaris_enet: Convert to vmstate

 hw/net/stellaris_enet.c | 314 +++++++++++++++++++++++++++++-------------------
 1 file changed, 188 insertions(+), 126 deletions(-)
--
1.9.2
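
Added example, not part of the original message and not QEMU's code: a post_load-style validator for untrusted incoming migration state, showing why a range check written as "offset + 4 <= size" can be bypassed by uint32_t wraparound and how moving the constant to the trusted side avoids it. The field names come from the changelog above; the struct name, the buffer sizes, the slot count and the 4-byte read width are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical device state: field names follow the changelog above;
 * buffer sizes and slot count are assumptions for this example. */
typedef struct {
    uint32_t tx_fifo_len;     /* bytes currently queued in tx_fifo */
    uint32_t next_packet;     /* index of the rx slot being read */
    uint32_t rx_fifo_offset;  /* read offset into rx[next_packet].data */
    struct { uint32_t len; uint8_t data[2048]; } rx[4];
    uint8_t tx_fifo[2048];
} demo_enet_state;

/* Naive form: the sum is computed in uint32_t and wraps, so a huge
 * offset taken from the migration stream passes the comparison. */
static int naive_offset_ok(const demo_enet_state *s)
{
    return (uint32_t)(s->rx_fifo_offset + 4u) <= ARRAY_SIZE(s->rx[0].data);
}

/* Overflow-free form: subtract from the trusted constant instead. */
static int safe_offset_ok(const demo_enet_state *s)
{
    return s->rx_fifo_offset <= ARRAY_SIZE(s->rx[0].data) - 4;
}

/* post_load-style validator: 0 accepts the state, -1 rejects it. */
static int demo_post_load(const demo_enet_state *s)
{
    size_t i;
    if (s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)) return -1;
    if (s->next_packet >= ARRAY_SIZE(s->rx)) return -1;  /* index, so >= */
    for (i = 0; i < ARRAY_SIZE(s->rx); i++) {
        if (s->rx[i].len > ARRAY_SIZE(s->rx[i].data)) return -1;
    }
    return safe_offset_ok(s) ? 0 : -1;
}

int main(void)
{
    static demo_enet_state s;        /* constructed state, zero-initialised */
    s.rx_fifo_offset = 0xFFFFFFFEu;  /* constructed out-of-range offset */
    printf("naive=%d safe=%d post_load=%d\n",
           naive_offset_ok(&s), safe_offset_ok(&s), demo_post_load(&s));
    return 0;
}
```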