diff options
Diffstat (limited to 'main/xen/xsa41.patch')
| -rw-r--r-- | main/xen/xsa41.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/main/xen/xsa41.patch b/main/xen/xsa41.patch new file mode 100644 index 0000000000..782183946d --- /dev/null +++ b/main/xen/xsa41.patch @@ -0,0 +1,72 @@ +From b0d9ffcd0251161c7c92f94804dcf599dfa3edeb Mon Sep 17 00:00:00 2001 +From: Michael Contreras <michael@inetric.com> +Date: Sun, 2 Dec 2012 20:11:22 -0800 +Subject: [PATCH] e1000: Discard packets that are too long if !SBP and !LPE + +The e1000_receive function for the e1000 needs to discard packets longer than +1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes +this behavior and allocates memory based on this assumption. + +Signed-off-by: Michael Contreras <michael@inetric.com> +Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> +--- + +diff --git a/tools/qemu-xen/hw/e1000.c b/tools/qemu-xen/hw/e1000.c +index cb7e7e8..5537ad2 100644 +--- a/tools/qemu-xen/hw/e1000.c ++++ b/tools/qemu-xen/hw/e1000.c +@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + #define PNPMMIO_SIZE 0x20000 + #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ + ++/* this is the size past which hardware will drop packets when setting LPE=0 */ ++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++ + /* + * HW models: + * E1000_DEV_ID_82540EM works with Windows and Linux +@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) + size = sizeof(min_buf); + } + ++ /* Discard oversized packets if !LPE and !SBP. */ ++ if (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { ++ return size; ++ } ++ + if (!receive_filter(s, buf, size)) + return size; + +diff --git a/tools/qemu-xen-traditional/hw/e1000.c b/tools/qemu-xen-traditional/hw/e1000.c +index cb7e7e8..5537ad2 100644 +--- a/tools/qemu-xen-traditional/hw/e1000.c ++++ b/tools/qemu-xen-traditional/hw/e1000.c +@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + #define PNPMMIO_SIZE 0x20000 + #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ + ++/* this is the size past which hardware will drop packets when setting LPE=0 */ ++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++ + /* + * HW models: + * E1000_DEV_ID_82540EM works with Windows and Linux +@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) + size = sizeof(min_buf); + } + ++ /* Discard oversized packets if !LPE and !SBP. */ ++ if (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { ++ return size; ++ } ++ + if (!receive_filter(s, buf, size)) + return size; + +-- +1.7.0.4 + |