On 2020/3/17 下午6:49, P J P wrote:
+-- On Tue, 17 Mar 2020, Jason Wang wrote --+
| > +-- On Fri, 6 Mar 2020, Stefan Hajnoczi wrote --+
| > | > +static int
| > | > +tulip_can_receive(NetClientState *nc)
| > | > +{
| > | > + TULIPState *s = qemu_get_nic_opaque(nc);
| > | > +
| > | > + if (s->rx_frame_len || tulip_rx_stopped(s)) {
| > | > + return false;
| > | > + }
|
| Btw, what's the point of checking rx_frame_len here?
tulip_can_recive() is called from tulip_receive(). IIUC non zero(0)
'rx_frame_len' hints that s->rs_frame[] buffer still has unread data bytes and
it can not receive new bytes. The check was earlier in tulip_receive().
Right, so need to make sure qemu_flush_ququed_packets() was called when
rx_frame_len is zero.
Thanks
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
