* Peter Maydell (peter.mayd...@linaro.org) wrote:
> The current tx_fifo code has a corner case where the guest can overrun
> the fifo buffer: if automatic CRCs are disabled we allow the guest to write
> the CRC word even if there isn't actually space for it in the FIFO.
> The datasheet is unclear about exactly how the hardware deals with this
> situation; the most plausible answer seems to be that the CRC word is
> just lost.
>
> Implement this fix by separating the "can we stuff another word in the
> FIFO" logic from the "should we transmit the packet now" check. This
> also moves us closer to the real hardware, which has a number of ways
> it can be configured to trigger sending the packet, some of which we
> don't implement.
>
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>

Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> > --- > hw/net/stellaris_enet.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c > index d04e6a4..bd844cd 100644 > --- a/hw/net/stellaris_enet.c > +++ b/hw/net/stellaris_enet.c > @@ -253,10 +253,12 @@ static void stellaris_enet_write(void *opaque, hwaddr > offset, > s->tx_fifo[s->tx_fifo_len++] = value >> 24; > } > } else { > - s->tx_fifo[s->tx_fifo_len++] = value; > - s->tx_fifo[s->tx_fifo_len++] = value >> 8; > - s->tx_fifo[s->tx_fifo_len++] = value >> 16; > - s->tx_fifo[s->tx_fifo_len++] = value >> 24; > + if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { > + s->tx_fifo[s->tx_fifo_len++] = value; > + s->tx_fifo[s->tx_fifo_len++] = value >> 8; > + s->tx_fifo[s->tx_fifo_len++] = value >> 16; > + s->tx_fifo[s->tx_fifo_len++] = value >> 24; > + } > if (s->tx_fifo_len >= s->tx_frame_len) { > /* We don't implement explicit CRC, so just chop it off. */ > if ((s->tctl & SE_TCTL_CRC) == 0) > -- > 1.9.0 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
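
Review bot: With the new `if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo))` guard in the else branch, `tx_fifo_len` stops advancing once the FIFO is full, while the transmit test that follows still compares it against `s->tx_frame_len`. If `tx_frame_len` can be larger than the FIFO, that condition is never met and the full FIFO is never flushed, so it is worth confirming that `tx_frame_len` is clamped where it is set, or stating that invariant in a comment beside the guard. The silently dropped word also deserves a one-line comment in the code saying that the datasheet is unclear and the word is assumed lost, since that reasoning currently lives only in the commit message. The hunk guards only this branch; the byte stores visible in the preceding branch (`s->tx_fifo[s->tx_fifo_len++] = value >> 24;`) show no bound here, so check that they are covered outside the lines shown.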