Hello Paolo,
+-- On Wed, 21 Sep 2016, Paolo Bonzini wrote --+
| Not exactly, because addr changes on every call to mcf_fec_read_bd.
True, but the initial address 's->tx_descriptor' and 's->etdsr' could be set
by user in imx_fec_write(). If bd.flags is set to FEC_BD_W, addr is reset to
initial s->tx_descriptor value of s->etdsr.
if ((bd.flags & FEC_BD_W) != 0) {
addr = s->etdsr;
}
| You can add a limit (e.g. 1024 or 2048 descriptors), but the patches are
| incorrect.
Okay, I'll send a revised patch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
