From: Cédric Le Goater <clg@kaod.org>
These buffers should be aligned on 16 bytes.
Ignore invalid RX and TX buffer addresses and log an error. All
incoming and outgoing traffic will be dropped because no valid RX or
TX descriptors will be available.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200114103433.30534-4-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/net/ftgmac100.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 4ad2594d3a6..2f92b65d4ef 100644
@@ -198,6 +198,8 @@ typedef struct {
uint32_t des3;
} FTGMAC100Desc;
+#define FTGMAC100_DESC_ALIGNMENT 16
+
/*
* Specific RTL8211E MII Registers
*/
@@ -722,6 +724,12 @@ static void ftgmac100_write(void *opaque, hwaddr addr,
s->itc = value;
break;
case FTGMAC100_RXR_BADR: /* Ring buffer address */
+ if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%"
+ HWADDR_PRIx "\n", __func__, value);
+ return;
+ }
+
s->rx_ring = value;
s->rx_descriptor = s->rx_ring;
break;
@@ -731,6 +739,11 @@ static void ftgmac100_write(void *opaque, hwaddr addr,
break;
case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */
+ if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%"
+ HWADDR_PRIx "\n", __func__, value);
+ return;
+ }
s->tx_ring = value;
s->tx_descriptor = s->tx_ring;
break;
--
2.20.1