On 16/10/2015 13:12, P J P wrote:
> Hello,
>
> An infinite loop issue in hw/net/eepro100.c emulator was reported by Mr
> Qinghao Tang(CC'd here).
>
> Below is a proposed fix patch and details about the issue.
>
> ===
> From f06497dfefabbdd6f966a5d6c177d85cd0e5ecd8 Mon Sep 17 00:00:00 2001
> From: Prasad J Pandit <p...@fedoraproject.org>
> Date: Fri, 16 Oct 2015 11:33:27 +0530
> Subject: eepro100: prevent an infinite loop over same command block
>
> action_command() routine executes a chain of commands located
> in the Command Block List(CBL). Each Command Block(CB) has a
> link to the next CB in the list, given by 's->tx.link'.
> This is used in conjunction with the base address 's->cu_base'.
>
> An infinite loop unfolds if the 'link' to the next CB is
> same as the previous one, the loop ends up executing the same
> command over and over again.
>
> Reported-by: Qinghao Tang <luodalon...@gmail.com>
> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> ---
> hw/net/eepro100.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
> index 60333b7..d76d108 100644
> --- a/hw/net/eepro100.c
> +++ b/hw/net/eepro100.c
> @@ -863,6 +863,8 @@ static void action_command(EEPRO100State *s)
> uint16_t ok_status = STATUS_OK;
> s->cb_address = s->cu_base + s->cu_offset;
> read_cb(s);
> + if (s->tx.link == s->cu_offset)
> + break;
Please update the patch to conform to QEMU's coding standards; braces are required even around single-statement blocks.

Paolo

> bit_el = ((s->tx.command & COMMAND_EL) != 0);
> bit_s = ((s->tx.command & COMMAND_S) != 0);
> bit_i = ((s->tx.command & COMMAND_I) != 0);
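Review bot: the guard `if (s->tx.link == s->cu_offset) break;` added after `read_cb(s);` only catches a command block whose link points back at itself; a guest-written list that forms a longer cycle (A -> B -> A) still never terminates, so the hang described in the commit message is only partially closed. A more robust fix would bound the number of command blocks processed per action_command() invocation (or remember the offsets already visited in this pass) and leave the loop once the bound is hit. The silent `break` also gives no operator-visible signal that a malformed CBL was rejected; emitting a trace point or a log line on that path would make the condition detectable. Finally, as already noted in the reply, the `if` body needs braces to match QEMU's coding standard.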