1 From 53102ff7c9c928e2c778a6440f7039ee29dc5acf Mon Sep 17 00:00:00 2001
2 From: Prasad J Pandit <pjp@fedoraproject.org>
3 Date: Thu, 22 Sep 2016 16:01:38 +0530
4 Subject: [PATCH 3/5] net: imx: limit buffer descriptor count
6 i.MX Fast Ethernet Controller uses buffer descriptors to manage
7 data flow to/fro receive & transmit queues. While transmitting
8 packets, it could continue to read buffer descriptors if a buffer
9 descriptor has length of zero and has crafted values in bd.flags.
10 Set an upper limit to number of buffer descriptors.
12 Reported-by: Li Qiang <liqiang6-s@360.cn>
13 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
15 hw/net/imx_fec.c | 6 ++++--
16 1 file changed, 4 insertions(+), 2 deletions(-)
18 diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
19 index e60e338..547fa99 100644
20 --- a/hw/net/imx_fec.c
21 +++ b/hw/net/imx_fec.c
22 @@ -94,6 +94,8 @@ static const VMStateDescription vmstate_imx_fec = {
23 #define PHY_INT_PARFAULT (1 << 2)
24 #define PHY_INT_AUTONEG_PAGE (1 << 1)
26 +#define IMX_MAX_DESC 1024
28 static void imx_fec_update(IMXFECState *s);
31 @@ -264,12 +266,12 @@ static void imx_fec_update(IMXFECState *s)
33 static void imx_fec_do_tx(IMXFECState *s)
36 + int frame_size = 0, descnt = 0;
37 uint8_t frame[FEC_MAX_FRAME_SIZE];
39 uint32_t addr = s->tx_descriptor;
42 + while (descnt++ < IMX_MAX_DESC) {