WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] qemu/rtl8139: Max transmit frame size

To: qemu-devel@xxxxxxxxxx, Xen Development Mailing List <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] qemu/rtl8139: Max transmit frame size
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Nov 2006 15:38:27 +1100
Delivery-date: Tue, 14 Nov 2006 20:38:45 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i
Hi:

I noticed a bug in the realloc error checking code in the QEMU backend
for RealTek8139.  However, what's worse is that there is no cap on the
total size of the transmit buffer at all.  So a guest can keep extending
it until memory runs out.

CP_TX_BUFFER_SIZE is already 64K.  So it seems to me that we don't need
the while loop to extend the buffer at all since no transmitted packet
should be anywhere near this size.

Are there any objections to getting rid of the following while loop
altogether and replacing it with a straight failure?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r f026d4091322 tools/ioemu/hw/rtl8139.c
--- a/tools/ioemu/hw/rtl8139.c  Tue Nov 14 18:52:58 2006 +0000
+++ b/tools/ioemu/hw/rtl8139.c  Wed Nov 15 15:35:24 2006 +1100
@@ -2001,8 +2001,13 @@ static int rtl8139_cplus_transmit_one(RT
 
     while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= 
s->cplus_txbuffer_len)
     {
+       void *txbuffer;
+
         s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
-        s->cplus_txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
+       txbuffer = realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
+       if (!txbuffer)
+           free(s->cplus_txbuffer);
+       s->cplus_txbuffer = txbuffer;
 
         DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed 
to %d\n", s->cplus_txbuffer_len));
     }

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>