|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] [QEMU] rtl8139: Disallow chaining above 64K
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 075f4ffdbbce5527ba525a515abe320703d17a0e
# Parent 51edd3c6a4d861db6ce1c9a02251ed49213c3002
[QEMU] rtl8139: Disallow chaining above 64K
As it stands the 8139C+ TX chaining is only bounded by realloc failure.
This is contrary to how the real hardware operates. It also has DoS
potential when ioemu runs in dom0.
This patch makes any attempt to chain a frame beyond 64K fail
immediately.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
tools/ioemu/hw/rtl8139.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff -r 51edd3c6a4d8 -r 075f4ffdbbce tools/ioemu/hw/rtl8139.c
--- a/tools/ioemu/hw/rtl8139.c Fri Nov 17 10:32:57 2006 +0000
+++ b/tools/ioemu/hw/rtl8139.c Fri Nov 17 10:34:08 2006 +0000
@@ -1999,12 +1999,12 @@ static int rtl8139_cplus_transmit_one(RT
DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space
%d\n", s->cplus_txbuffer_len));
}
- while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >=
s->cplus_txbuffer_len)
- {
- s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
- s->cplus_txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
-
- DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed
to %d\n", s->cplus_txbuffer_len));
+ if (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >=
s->cplus_txbuffer_len)
+ {
+ free(s->cplus_txbuffer);
+ s->cplus_txbuffer = NULL;
+
+ DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space exceeded:
%d\n", s->cplus_txbuffer_offset + txsize));
}
if (!s->cplus_txbuffer)
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |