qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] rtl8139: fix large_send_mss divide-by-zero

From: Peter Maydell
Subject: Re: [PATCH] rtl8139: fix large_send_mss divide-by-zero
Date: Thu, 13 Apr 2023 19:24:17 +0100 
On Thu, 13 Apr 2023 at 18:21, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
> Even if the division wasn't a problem, the for loop that emits MSS-sized
> packets would never terminate.
>
> Solve these issues by skipping offloading when large_send_mss=0.

> diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
> index 5a5aaf868d..5f1a4d359b 100644
> --- a/hw/net/rtl8139.c
> +++ b/hw/net/rtl8139.c
> @@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
>
>                  int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
>                                       CP_TC_LGSEN_MSS_MASK;
> +                if (large_send_mss == 0) {
> +                    goto skip_offload;
> +                }

Looks like 0 is the only problematic value for the code, so
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]