projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c14bd44) | patch
Qemu-dm dumps core with the pcnet device. This patches fixes it.
authorkaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Fri, 2 Sep 2005 17:52:37 +0000 (17:52 +0000)
committerkaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Fri, 2 Sep 2005 17:52:37 +0000 (17:52 +0000)
commit936fbe104f55f37c0c7159c73062a18ac3d7a3dc
tree14b6b7c327c56e91196f70fdc5594cf41323364btree | snapshot
parentc14bd442517aa7b2028ba3cbfabe49b7ecf5e613commit | diff
Qemu-dm dumps core with the pcnet device. This patches fixes it.

When pcnet_receive calls pcnet_poll, which polls the receive and the send
rings. Whenever there is an element in the send ring that is owned by
the Lance chip it will call pcnet_transmit and send it. When the element
is the endp(acket), pcnet_transmit will copy it out, send the packet
(qemu_send_packet) and then clear the owner bit. Somewherer along the
qemu_send_packet execution path, pcnet_recieve is called again, which
calls pcnet_poll and starts this whole process again. This very rapidly
leads to a stack overflow and crashes qemu.

The fix is simple, stop the recursion. Once the packet is copied into
qemu datatstructure (before qemu_send_packet is called!), the owner bit
on the ring element should be cleared.

Signed-Off-By: Leendert van Doorn <leendert@watson.ibm.com>
tools/ioemu/hw/pcnet.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.