WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] ioemu+pcnet-owner.patch

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] ioemu+pcnet-owner.patch
From: Leendert van Doorn <leendert@xxxxxxxxxxxxxx>
Date: Fri, 02 Sep 2005 12:54:00 -0400
Cc: asit.k.mallick@xxxxxxxxx, arun.sharma@xxxxxxxxx
Delivery-date: Fri, 02 Sep 2005 17:02:15 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: IBM T.J. Watson Research Center
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Qemu-dm dumps core with the pcnet device. This patches fixes it.

When pcnet_receive calls pcnet_poll, which polls the receive and the send
rings. Whenever there is an element in the send ring that is owned by
the Lance chip it will call pcnet_transmit and send it. When the element
is the endp(acket), pcnet_transmit will copy it out, send the packet
(qemu_send_packet) and then clear the owner bit. Somewherer along the
qemu_send_packet execution path, pcnet_recieve is called again, which
calls pcnet_poll and starts this whole process again. This very rapidly
leads to a stack overflow and crashes qemu.

The fix is simple, stop the recursion. Once the packet is copied into
qemu datatstructure (before qemu_send_packet is called!), the owner bit
on the ring element should be cleared.

(patches are against current xen-vt-testing tree)

Signed-Off-By: Leendert van Doorn <leendert@xxxxxxxxxxxxxx>

diff -r 84ee014ebd41 tools/ioemu/hw/pcnet.c
--- a/tools/ioemu/hw/pcnet.c    Wed Aug 17 20:34:38 2005
+++ b/tools/ioemu/hw/pcnet.c    Fri Aug 19 11:36:57 2005
@@ -569,6 +569,10 @@
             cpu_physical_memory_read(PHYSADDR(s, tmd.tmd0.tbadr),
                     s->buffer + s->xmit_pos, 4096 - tmd.tmd1.bcnt);
             s->xmit_pos += 4096 - tmd.tmd1.bcnt;
+
+           tmd.tmd1.own = 0;
+           TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+
 #ifdef PCNET_DEBUG
             printf("pcnet_transmit size=%d\n", s->xmit_pos);
 #endif            
@@ -580,10 +584,10 @@
             s->csr[0] &= ~0x0008;   /* clear TDMD */
             s->csr[4] |= 0x0004;    /* set TXSTRT */
             s->xmit_pos = -1;
-        }
-
-        tmd.tmd1.own = 0;
-        TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+        } else {
+           tmd.tmd1.own = 0;
+           TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
+       }
         if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && tmd.tmd1.ltint))
             s->csr[0] |= 0x0200;    /* set TINT */
 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] ioemu+pcnet-owner.patch, Leendert van Doorn <=