Tree - rpms/qemu - src.fedoraproject.org

Forked from rpms/qemu a year ago

Blob History Raw

		a0f6152	`From: Prasad J Pandit <pjp@fedoraproject.org>`
		a0f6152	`Date: Fri, 30 Sep 2016 00:27:33 +0530`
		a0f6152	`Subject: [PATCH] net: pcnet: check rx/tx descriptor ring length`
		a0f6152
		a0f6152	`The AMD PC-Net II emulator has set of control and status(CSR)`
		a0f6152	`registers. Of these, CSR76 and CSR78 hold receive and transmit`
		a0f6152	`descriptor ring length respectively. This ring length could range`
		a0f6152	`from 1 to 65535. Setting ring length to zero leads to an infinite`
		a0f6152	`loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.`
		a0f6152
		a0f6152	`Reported-by: Li Qiang <liqiang6-s@360.cn>`
		a0f6152	`Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>`
		a0f6152	`Signed-off-by: Jason Wang <jasowang@redhat.com>`
		a0f6152	`(cherry picked from commit 34e29ce754c02bb6b3bdd244fbb85033460feaff)`
		a0f6152	`---`
		a0f6152	`hw/net/pcnet.c \| 3 +++`
		a0f6152	`1 file changed, 3 insertions(+)`
		a0f6152
		a0f6152	`diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c`
		3d039dc	`index 198a01f92d..3078de8aba 100644`
		a0f6152	`--- a/hw/net/pcnet.c`
		a0f6152	`+++ b/hw/net/pcnet.c`
		a0f6152	`@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)`
		a0f6152	`case 47: /* POLLINT */`
		a0f6152	`case 72:`
		a0f6152	`case 74:`
		a0f6152	`+ break;`
		a0f6152	`case 76: /* RCVRL */`
		a0f6152	`case 78: /* XMTRL */`
		a0f6152	`+ val = (val > 0) ? val : 512;`
		a0f6152	`+ break;`
		a0f6152	`case 112:`
		a0f6152	`if (CSR_STOP(s) \|\| CSR_SPND(s))`
		a0f6152	`break;`