From patchwork Wed Oct 26 02:24:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Wang X-Patchwork-Id: 9395829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0297D600BA for ; Wed, 26 Oct 2016 02:35:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0604D2974E for ; Wed, 26 Oct 2016 02:35:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EEB1B29733; Wed, 26 Oct 2016 02:35:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1418529761 for ; Wed, 26 Oct 2016 02:35:38 +0000 (UTC) Received: from localhost ([::1]:59254 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzE41-0000D4-Cv for patchwork-qemu-devel@patchwork.kernel.org; Tue, 25 Oct 2016 22:35:37 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37376) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzDtM-0000Tq-Cs for qemu-devel@nongnu.org; Tue, 25 Oct 2016 22:24:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bzDtL-0000dT-ES for qemu-devel@nongnu.org; Tue, 25 Oct 2016 22:24:36 -0400 Received: from mx1.redhat.com ([209.132.183.28]:43740) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1bzDtL-0000dP-97 for qemu-devel@nongnu.org; Tue, 25 Oct 2016 22:24:35 -0400 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 60838C04B31F; Wed, 26 Oct 2016 02:24:34 +0000 (UTC) Received: from jason-ThinkPad-T450s.redhat.com (vpn1-4-153.pek2.redhat.com [10.72.4.153]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u9Q2ODrU012588; Tue, 25 Oct 2016 22:24:31 -0400 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Wed, 26 Oct 2016 10:24:08 +0800 Message-Id: <1477448651-4474-7-git-send-email-jasowang@redhat.com> In-Reply-To: <1477448651-4474-1-git-send-email-jasowang@redhat.com> References: <1477448651-4474-1-git-send-email-jasowang@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 26 Oct 2016 02:24:34 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 6/9] e1000e: Don't zero out buffer address in rx descriptor X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jason Wang , Kevin Wolf Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Kevin Wolf The e1000e emulation zeroes out any used rx descriptor and then writes a completely newly constructed value there. By doing this, it doesn't only update the write-back area of the descriptors (as it's supposed to do), but it also clears the buffer address, which real hardware doesn't do. The spec explicitly mentions in chapter 7.1.8 that it is valid for a driver to reuse a descriptor and only update the status field while doing so, i.e. reusing the old buffer address: If software statically allocates buffers, and uses memory read to check for completed descriptors, it simply has to zero the status byte in the descriptor to make it ready for reuse by hardware. This patch fixes the behaviour to leave the buffer address in descriptors unchanged even after the descriptor has been used. Signed-off-by: Kevin Wolf Reviewed-by: Dmitry Fleytman Signed-off-by: Jason Wang --- hw/net/e1000e_core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index 6505983..2b11499 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -1278,11 +1278,10 @@ e1000e_write_lgcy_rx_descr(E1000ECore *core, uint8_t *desc, struct e1000_rx_desc *d = (struct e1000_rx_desc *) desc; - memset(d, 0, sizeof(*d)); - assert(!rss_info->enabled); d->length = cpu_to_le16(length); + d->csum = 0; e1000e_build_rx_metadata(core, pkt, pkt != NULL, rss_info, @@ -1291,6 +1290,7 @@ e1000e_write_lgcy_rx_descr(E1000ECore *core, uint8_t *desc, &d->special); d->errors = (uint8_t) (le32_to_cpu(status_flags) >> 24); d->status = (uint8_t) le32_to_cpu(status_flags); + d->special = 0; } static inline void @@ -1301,7 +1301,7 @@ e1000e_write_ext_rx_descr(E1000ECore *core, uint8_t *desc, { union e1000_rx_desc_extended *d = (union e1000_rx_desc_extended *) desc; - memset(d, 0, sizeof(*d)); + memset(&d->wb, 0, sizeof(d->wb)); d->wb.upper.length = cpu_to_le16(length); @@ -1325,7 +1325,7 @@ e1000e_write_ps_rx_descr(E1000ECore *core, uint8_t *desc, union e1000_rx_desc_packet_split *d = (union e1000_rx_desc_packet_split *) desc; - memset(d, 0, sizeof(*d)); + memset(&d->wb, 0, sizeof(d->wb)); d->wb.middle.length0 = cpu_to_le16((*written)[0]);