On Thu, 13 Apr 2023 at 18:21, Stefan Hajnoczi <stefa...@redhat.com> wrote:
>
> If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
> Even if the division wasn't a problem, the for loop that emits MSS-sized
> packets would never terminate.
>
> Solve these issues by skipping offloading when large_send_mss=0.
> diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c > index 5a5aaf868d..5f1a4d359b 100644 > --- a/hw/net/rtl8139.c > +++ b/hw/net/rtl8139.c > @@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) > > int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) & > CP_TC_LGSEN_MSS_MASK; > + if (large_send_mss == 0) { > + goto skip_offload; > + } Looks like 0 is the only problematic value for the code, so Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> thanks -- PMM
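Review bot: the new large_send_mss == 0 check in rtl8139_cplus_transmit_one() carries no comment saying why zero is rejected. The value is taken straight from the driver-controlled txdw0 descriptor word, so a one-line comment above the check (a zero MSS would divide by zero, and the loop that emits MSS-sized packets would never terminate) would keep a later cleanup from removing it as dead code. The skip_offload label lies outside the visible context, so it is also worth confirming in the full function that jumping there still transmits the frame unsegmented rather than dropping it silently.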