On Fri, Apr 14, 2023 at 2:24 AM Peter Maydell <peter.mayd...@linaro.org> wrote: > > On Thu, 13 Apr 2023 at 18:21, Stefan Hajnoczi <stefa...@redhat.com> wrote: > > > > If the driver sets large_send_mss to 0 then a divide-by-zero occurs. > > Even if the division wasn't a problem, the for loop that emits MSS-sized > > packets would never terminate. > > > > Solve these issues by skipping offloading when large_send_mss=0. > > > diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c > > index 5a5aaf868d..5f1a4d359b 100644 > > --- a/hw/net/rtl8139.c > > +++ b/hw/net/rtl8139.c > > @@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) > > > > int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) & > > CP_TC_LGSEN_MSS_MASK; > > + if (large_send_mss == 0) { > > + goto skip_offload; > > + } > > Looks like 0 is the only problematic value for the code, so > Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
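Review bot: the new `if (large_send_mss == 0)` check in rtl8139_cplus_transmit_one() has no comment, so the reason zero is rejected (the divide-by-zero and the MSS-sized segmentation loop that would never terminate) lives only in the commit message. A one-line comment above the check would keep that rationale next to the code. The value is derived from the guest-written `txdw0`, so a guest can select this path at will. The `skip_offload` label is outside the visible context, so it is worth confirming that the jump does not pass over any initialised declarations between the check and the label, and that the frame is still handed to the normal non-offload transmit path rather than dropped.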
I think it's not worth 8.0. So I've queued this. If anyone thinks it is, Peter may queue this directly with

Acked-by: Jason Wang <jasow...@redhat.com>

Thanks

> > thanks > -- PMM >