[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 36/78] dp8393x: Pad frames to word or long word boundary
|
From: |
Michael Roth |
|
Subject: |
[PATCH 36/78] dp8393x: Pad frames to word or long word boundary |
|
Date: |
Tue, 16 Jun 2020 09:15:05 -0500 |
From: Finn Thain <fthain@telegraphics.com.au>
The existing code has a bug where the Remaining Buffer Word Count (RBWC)
is calculated with a truncating division, which gives the wrong result
for odd-sized packets.
Section 1.4.1 of the datasheet says,
Once the end of the packet has been reached, the serializer will
fill out the last word (16-bit mode) or long word (32-bit mode)
if the last byte did not end on a word or long word boundary
respectively. The fill byte will be 0FFh.
Implement buffer padding so that buffer limits are correctly enforced.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 350e7d9a77d3b9ac74d240e4b232db1ebe5c05bc)
*drop context dependencies from b7cbebf2b9d, 1ccda935d4f, and
19f70347731
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
hw/net/dp8393x.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 40e3a029b6..0e9061d831 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -766,16 +766,23 @@ static ssize_t dp8393x_receive(NetClientState *nc, const
uint8_t * buf,
dp8393xState *s = qemu_get_nic_opaque(nc);
int packet_type;
uint32_t available, address;
- int width, rx_len = pkt_size;
+ int width, rx_len, padded_len;
uint32_t checksum;
int size;
- width = (s->regs[SONIC_DCR] & SONIC_DCR_DW) ? 2 : 1;
-
s->regs[SONIC_RCR] &= ~(SONIC_RCR_PRX | SONIC_RCR_LBK | SONIC_RCR_FAER |
SONIC_RCR_CRCR | SONIC_RCR_LPKT | SONIC_RCR_BC | SONIC_RCR_MC);
- if (pkt_size + 4 > dp8393x_rbwc(s) * 2) {
+ rx_len = pkt_size + sizeof(checksum);
+ if (s->regs[SONIC_DCR] & SONIC_DCR_DW) {
+ width = 2;
+ padded_len = ((rx_len - 1) | 3) + 1;
+ } else {
+ width = 1;
+ padded_len = ((rx_len - 1) | 1) + 1;
+ }
+
+ if (padded_len > dp8393x_rbwc(s) * 2) {
DPRINTF("oversize packet, pkt_size is %d\n", pkt_size);
s->regs[SONIC_ISR] |= SONIC_ISR_RBAE;
dp8393x_update_irq(s);
@@ -810,22 +817,32 @@ static ssize_t dp8393x_receive(NetClientState *nc, const
uint8_t * buf,
s->regs[SONIC_TRBA0] = s->regs[SONIC_CRBA0];
/* Calculate the ethernet checksum */
- checksum = cpu_to_le32(crc32(0, buf, rx_len));
+ checksum = cpu_to_le32(crc32(0, buf, pkt_size));
/* Put packet into RBA */
DPRINTF("Receive packet at %08x\n", dp8393x_crba(s));
address = dp8393x_crba(s);
address_space_rw(&s->as, address,
- MEMTXATTRS_UNSPECIFIED, (uint8_t *)buf, rx_len, 1);
- address += rx_len;
+ MEMTXATTRS_UNSPECIFIED, (uint8_t *)buf, pkt_size, 1);
+ address += pkt_size;
+
+ /* Put frame checksum into RBA */
address_space_rw(&s->as, address,
- MEMTXATTRS_UNSPECIFIED, (uint8_t *)&checksum, 4, 1);
- address += 4;
- rx_len += 4;
+ MEMTXATTRS_UNSPECIFIED, (uint8_t *)&checksum, sizeof(checksum), 1);
+ address += sizeof(checksum);
+
+ /* Pad short packets to keep pointers aligned */
+ if (rx_len < padded_len) {
+ size = padded_len - rx_len;
+ address_space_rw(&s->as, address, MEMTXATTRS_UNSPECIFIED,
+ (uint8_t *)"\xFF\xFF\xFF", size, 1);
+ address += size;
+ }
+
s->regs[SONIC_CRBA1] = address >> 16;
s->regs[SONIC_CRBA0] = address & 0xffff;
available = dp8393x_rbwc(s);
- available -= rx_len / 2;
+ available -= padded_len >> 1;
s->regs[SONIC_RBWC1] = available >> 16;
s->regs[SONIC_RBWC0] = available & 0xffff;
--
2.17.1
- [PATCH 02/78] block/nbd: fix memory leak in nbd_open(), (continued)
- [PATCH 02/78] block/nbd: fix memory leak in nbd_open(), Michael Roth, 2020/06/16
- [PATCH 29/78] dp8393x: Clean up endianness hacks, Michael Roth, 2020/06/16
- [PATCH 24/78] intel_iommu: add present bit check for pasid table entries, Michael Roth, 2020/06/16
- [PATCH 25/78] vfio/pci: Don't remove irqchip notifier if not registered, Michael Roth, 2020/06/16
- [PATCH 32/78] dp8393x: Clear RRRA command register bit only when appropriate, Michael Roth, 2020/06/16
- [PATCH 31/78] dp8393x: Update LLFA and CRDA registers from rx descriptor, Michael Roth, 2020/06/16
- [PATCH 34/78] dp8393x: Don't clobber packet checksum, Michael Roth, 2020/06/16
- [PATCH 28/78] dp8393x: Always use 32-bit accesses, Michael Roth, 2020/06/16
- [PATCH 33/78] dp8393x: Implement packet size limit and RBAE interrupt, Michael Roth, 2020/06/16
- [PATCH 35/78] dp8393x: Use long-word-aligned RRA pointers in 32-bit mode, Michael Roth, 2020/06/16
- [PATCH 36/78] dp8393x: Pad frames to word or long word boundary,
Michael Roth <=
- [PATCH 37/78] dp8393x: Clear descriptor in_use field to release packet, Michael Roth, 2020/06/16
- [PATCH 38/78] dp8393x: Always update RRA pointers and sequence numbers, Michael Roth, 2020/06/16
- [PATCH 39/78] dp8393x: Don't reset Silicon Revision register, Michael Roth, 2020/06/16
- [PATCH 40/78] dp8393x: Don't stop reception upon RBE interrupt assertion, Michael Roth, 2020/06/16
- [PATCH 03/78] i386: Resolve CPU models to v1 by default, Michael Roth, 2020/06/16
- [PATCH 44/78] qcow2: update_refcount(): Reset old_table_index after qcow2_cache_put(), Michael Roth, 2020/06/16
- [PATCH 46/78] iotests: Test copy offloading with external data file, Michael Roth, 2020/06/16
- [PATCH 42/78] plugins/core: add missing break in cb_to_tcg_flags, Michael Roth, 2020/06/16
- [PATCH 45/78] qcow2: Fix qcow2_alloc_cluster_abort() for external data file, Michael Roth, 2020/06/16
- [PATCH 47/78] qcow2: Fix alloc_cluster_abort() for pre-existing clusters, Michael Roth, 2020/06/16