On Thu, 09/10 21:23, Peter Crosthwaite wrote:
> Return false from can_receive() when the FIFO doesn't have a free RX
> slot. This fixes a bug in the current code where the allocated buffer
> is freed before the fifo pop, triggering a premature flush of queued RX
> packets. It also will handle a corner case, where the guest manually
> frees the allocated buffer before popping the rx FIFO (hence it is not
> enough to just delay the flush_queued_packets()).
>
> Reported-by: Richard Purdie <richard.pur...@linuxfoundation.org>
> Signed-off-by: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
> ---
>
> hw/net/smc91c111.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
> index 5774eff..8fc3deb 100644
> --- a/hw/net/smc91c111.c
> +++ b/hw/net/smc91c111.c
> @@ -129,7 +129,8 @@ static int smc91c111_can_receive(smc91c111_state *s)
> if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
> return 1;
> }
> - if (s->allocated == (1 << NUM_PACKETS) - 1) {
> + if (s->allocated == (1 << NUM_PACKETS) - 1 ||
> + s->rx_fifo_len == NUM_PACKETS) {
> return 0;
> }
> return 1;
> @@ -182,6 +183,7 @@ static void smc91c111_pop_rx_fifo(smc91c111_state *s)
> } else {
> s->int_level &= ~INT_RCV;
> }
> + smc91c111_flush_queued_packets(s);
> smc91c111_update(s);
> }
>
> --
> 1.9.1
>
>
Reviewed-by: Fam Zheng <f...@redhat.com>
