aboutsummaryrefslogtreecommitdiff
path: root/hw/net
diff options
context:
space:
mode:
authorCédric Le Goater <clg@kaod.org>2020-09-01 14:21:50 +0200
committerCédric Le Goater <clg@kaod.org>2020-09-01 14:21:50 +0200
commitaf6d66e23557a36491a06857a447d016f6cf9f33 (patch)
treef5637b62ae805428f34d1e357712d506d347c3bc /hw/net
parent9c30f092a0e2a05aa37a4f22d3109b9913a6caea (diff)
downloadqemu-af6d66e23557a36491a06857a447d016f6cf9f33.zip
qemu-af6d66e23557a36491a06857a447d016f6cf9f33.tar.gz
qemu-af6d66e23557a36491a06857a447d016f6cf9f33.tar.bz2
ftgmac100: Check for invalid len and address before doing a DMA transfer
According to the Aspeed specs, no interrupts are raised in that case but a "Tx-packets lost" status seems like a good modeling choice for all implementations. It is covered by the Linux kernel. Cc: Frederic Konrad <konrad.frederic@yahoo.fr> Reviewed-by: Joel Stanley <joel@jms.id.au> Message-Id: <20200819100956.2216690-14-clg@kaod.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
Diffstat (limited to 'hw/net')
-rw-r--r--hw/net/ftgmac100.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 014980d..280aa3d 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -507,6 +507,15 @@ static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring,
}
len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0);
+ if (!len) {
+ /*
+ * 0 is an invalid size, however the HW does not raise any
+ * interrupt. Flag an error because the guest is buggy.
+ */
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid segment size\n",
+ __func__);
+ }
+
if (frame_size + len > sizeof(s->frame)) {
qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
__func__, len);