Return false from can_receive() when the FIFO doesn't have a free RX
slot. This fixes a bug in the current code where the allocated buffer
is freed before the fifo pop, triggering a premature flush of queued RX
packets. It also handles the corner case where the guest manually
frees the allocated buffer before popping the RX FIFO (hence it is not
enough to just delay the flush_queued_packets() call).

Reported-by: Richard Purdie <richard.pur...@linuxfoundation.org>
Signed-off-by: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
---

 hw/net/smc91c111.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
index 5774eff..8fc3deb 100644
--- a/hw/net/smc91c111.c
+++ b/hw/net/smc91c111.c
@@ -129,7 +129,8 @@ static int smc91c111_can_receive(smc91c111_state *s)
     if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
         return 1;
     }
-    if (s->allocated == (1 << NUM_PACKETS) - 1) {
+    if (s->allocated == (1 << NUM_PACKETS) - 1 ||
+        s->rx_fifo_len == NUM_PACKETS) {
         return 0;
     }
     return 1;
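Review bot: The new `s->rx_fifo_len == NUM_PACKETS` test refuses packets only when the counter sits exactly at the full mark; `s->rx_fifo_len >= NUM_PACKETS) {` would also refuse them if the counter were ever larger, for instance after restoring inconsistent device state (whether that can happen is not visible here). The receive path that appends to the RX FIFO is outside this patch, so it is worth confirming that it rejects a full FIFO itself rather than relying on can_receive() alone to keep the index in bounds. The body of smc91c111_can_receive starts before and ends after this hunk.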
@@ -182,6 +183,7 @@ static void smc91c111_pop_rx_fifo(smc91c111_state *s)
     } else {
         s->int_level &= ~INT_RCV;
     }
+    smc91c111_flush_queued_packets(s);
     smc91c111_update(s);
 }
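Review bot: The added `smc91c111_flush_queued_packets(s);` call has no comment saying why popping the RX FIFO has to retry queued packets, and that reasoning currently lives only in the commit message. A line above it such as `/* A FIFO slot was just released, so can_receive() may now be true: retry packets the net layer queued. */` would keep it next to the code. Whether the flush can deliver a packet synchronously, and so change `int_level` or the FIFO before `smc91c111_update(s)` runs, is not visible in this hunk; if it can, the comment should also note that the ordering is intentional. smc91c111_pop_rx_fifo starts before the hunk.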
 
-- 
1.9.1

