[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] rtl8139: fix large_send_mss divide-by-zero
|
From: |
Jason Wang |
|
Subject: |
Re: [PATCH] rtl8139: fix large_send_mss divide-by-zero |
|
Date: |
Fri, 14 Apr 2023 11:13:41 +0800 |
On Fri, Apr 14, 2023 at 2:24 AM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Thu, 13 Apr 2023 at 18:21, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> >
> > If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
> > Even if the division wasn't a problem, the for loop that emits MSS-sized
> > packets would never terminate.
> >
> > Solve these issues by skipping offloading when large_send_mss=0.
>
> > diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
> > index 5a5aaf868d..5f1a4d359b 100644
> > --- a/hw/net/rtl8139.c
> > +++ b/hw/net/rtl8139.c
> > @@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
> >
> > int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
> > CP_TC_LGSEN_MSS_MASK;
> > + if (large_send_mss == 0) {
> > + goto skip_offload;
> > + }
>
> Looks like 0 is the only problematic value for the code, so
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
I think it's not worth 8.0. So I've queued this.
If anyone think it is, Peter may queue this directly with
Acked-by: Jason Wang <jasowang@redhat.com>
Thanks
>
> thanks
> -- PMM
>