direct-io.hg

changeset 12482:075f4ffdbbce

[QEMU] rtl8139: Disallow chaining above 64K

As it stands the 8139C+ TX chaining is only bounded by realloc failure.
This is contrary to how the real hardware operates. It also has DoS
potential when ioemu runs in dom0.

This patch makes any attempt to chain a frame beyond 64K fail
immediately.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author kfraser@localhost.localdomain
date Fri Nov 17 10:34:08 2006 +0000 (2006-11-17)
parents 51edd3c6a4d8
children 781ea5017f18
files tools/ioemu/hw/rtl8139.c
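--- a/tools/ioemu/hw/rtl8139.c
+++ b/tools/ioemu/hw/rtl8139.c
@@ -1999,12 +1999,12 @@ static int rtl8139_cplus_transmit_one(RT
         DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len));
     }
 
-    while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
+    if (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
     {
-        s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
-        s->cplus_txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
-
-        DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len));
+	free(s->cplus_txbuffer);
+	s->cplus_txbuffer = NULL;
+
+	DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space exceeded: %d\n", s->cplus_txbuffer_offset + txsize));
     }
 
     if (!s->cplus_txbuffer)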
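Review bot: The new `if` body frees the chain buffer and clears the pointer but leaves `s->cplus_txbuffer_offset` at its old value, so the next descriptor is only handled correctly if the allocation path resets the offset; that path starts above the hunk (only its closing `DEBUG_PRINT` is visible), so this should be confirmed rather than assumed. Since this branch is reachable from guest-supplied descriptors, resetting the state in place with `s->cplus_txbuffer_offset = 0;` right after `s->cplus_txbuffer = NULL;` would make the abort path self-contained. The size limit itself is implicit: it is whatever `cplus_txbuffer_len` was set to at allocation, so a comment above the `if` such as `/* buffer is never grown; a chain that would reach cplus_txbuffer_len is dropped */` would record the intent from the commit message. The added lines are also tab-indented while the surrounding code uses spaces. The function body extends beyond the hunk on both sides, including the `if (!s->cplus_txbuffer)` block that handles the failure.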