This patchset overhauls the stellaris_enet TX and RX handling code, and converts it to use vmstate.
The principal motivation is to fix the buffer overrun noted in the first patch, and to reimplement things using simpler state fields which are easier to migrate and to validate in post_load. I also fixed a couple of other bugs I noticed while I was there.

This isn't actually sufficient to get my test image to work: that needs proper implementation of the MII registers in the PHY. I tested this with a minor hack to make all MII registers return 0x24, which happens to satisfy the test image's setup code. However implementing the PHY registers is more work than I want to do on this device right now...

Although patch 7 fixes a CVE (code is exploitable by malicious incoming migration state), I haven't cc'd stable on it; this is because:
 * migration doesn't work on the stellaris board anyway because not all the board's devices support it, so nobody will be using it
 * there are many lurking problems with most of our more-or-less unmaintained boards, so nobody IMHO should be treating guest-to-host as a security boundary for those boards

I think patch 7 is the only one still needing review.

thanks
-- PMM

Changes v3->v4:
 * fix +/-4 error in guard on rx_fifo_offset
 * drop now-unneeded minimum_version_id_old entries in vmstate

Changes v2->v3:
 * don't bother updating vmstate version in intermediate patches
 * use uint32_t rather than int32_t for rx_fifo_offset, next_packet, tx_fifo_len and rx[].len
 * check tx_fifo_len range in post-load
 * tweak rx_fifo_offset post-load check to avoid possible overflow in addition
 * fixed ordering of next_packet/rx_fifo_offset in vmstate to match the stellaris_enet_state structure

Changes v1->v2:
 * only transmit when 1 is written to TR, not on any write
 * new patches to get rid of rx_fifo, rx_fifo_len
 * vmstate conversion (includes migration sanitizing code)

Peter Maydell (7):
  hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
  hw/net/stellaris_enet: Correct handling of packet padding
  hw/net/stellaris_enet: Rewrite tx fifo handling code
  hw/net/stellaris_enet: Correctly implement the TR and THR registers
  hw/net/stellaris_enet: Fix debug format strings
  hw/net/stellaris_enet: Get rid of rx_fifo pointer
  hw/net/stellaris_enet: Convert to vmstate

 hw/net/stellaris_enet.c | 312 +++++++++++++++++++++++++++++-------------------
 1 file changed, 186 insertions(+), 126 deletions(-)

--
1.9.2