From: Peter Maydell <[email protected]> In e1000e_write_packet_to_guest() we don't write data for RX descriptors where the buffer address is NULL (as required by the i82574 datasheet section 7.1.7.2). However, when we do this we still update desc_offset by the amount of data we would have written to the RX descriptor if it had a valid buffer pointer, resulting in our dropping that data entirely. The data sheet is not 100% clear on the subject, but this seems unlikely to be the correct behaviour.
Rearrange the null-descriptor logic so that we don't treat these do-nothing descriptors as if we'd really written the data. This both fixes a bug and also is a prerequisite to cleaning up the size calculation logic in the next patch. (Cc to stable largely because it will be needed for the next patch, which fixes a more serious bug.) Cc: [email protected] Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Signed-off-by: Jason Wang <[email protected]> (cherry picked from commit 6da0c9828194eb21e54fe4264cd29a1b85a29f33) (Mjt: context fixup in hw/net/e1000e_core.c:e1000e_write_packet_to_guest()) Signed-off-by: Michael Tokarev <[email protected]> diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 5def4cfc1c..be9c15f01e 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -1512,7 +1512,6 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, PCIDevice *d = core->owner; dma_addr_t base; uint8_t desc[E1000_MAX_RX_DESC_LEN]; - size_t desc_size; size_t desc_offset = 0; size_t iov_ofs = 0; @@ -1531,12 +1530,6 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, e1000e_ba_state bastate = { { 0 } }; bool is_last = false; - desc_size = total_size - desc_offset; - - if (desc_size > core->rx_desc_buf_size) { - desc_size = core->rx_desc_buf_size; - } - if (e1000e_ring_empty(core, rxi)) { return; } @@ -1550,6 +1543,12 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, e1000e_read_rx_descr(core, desc, &ba); if (ba[0]) { + size_t desc_size = total_size - desc_offset; + + if (desc_size > core->rx_desc_buf_size) { + desc_size = core->rx_desc_buf_size; + } + if (desc_offset < size) { static const uint32_t fcs_pad; size_t iov_copy; @@ -1609,13 +1608,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, (const char *) &fcs_pad, e1000x_fcs_len(core->mac)); } } + desc_offset += desc_size; + if (desc_offset >= total_size) { + is_last = true; + } } else { /* as per intel docs; skip descriptors with null buf addr */ trace_e1000e_rx_null_descriptor(); } - desc_offset += desc_size; - if (desc_offset >= total_size) { - is_last = true; - } e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL, rss_info, do_ps ? ps_hdr_len : 0, &bastate.written); -- 2.47.3
