From 55efb365191635d9839600f1f44502769e66aabf Mon Sep 17 00:00:00 2001 From: =?utf8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 30 Jan 2020 16:02:02 +0000 Subject: [PATCH] ftgmac100: check RX and TX buffer alignment MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit These buffers should be aligned on 16 bytes. Ignore invalid RX and TX buffer addresses and log an error. All incoming and outgoing traffic will be dropped because no valid RX or TX descriptors will be available. Signed-off-by: Cédric Le Goater Message-id: 20200114103433.30534-4-clg@kaod.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/net/ftgmac100.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c index 4ad2594d3a..2f92b65d4e 100644 --- a/hw/net/ftgmac100.c +++ b/hw/net/ftgmac100.c @@ -198,6 +198,8 @@ typedef struct { uint32_t des3; } FTGMAC100Desc; +#define FTGMAC100_DESC_ALIGNMENT 16 + /* * Specific RTL8211E MII Registers */ @@ -722,6 +724,12 @@ static void ftgmac100_write(void *opaque, hwaddr addr, s->itc = value; break; case FTGMAC100_RXR_BADR: /* Ring buffer address */ + if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%" + HWADDR_PRIx "\n", __func__, value); + return; + } + s->rx_ring = value; s->rx_descriptor = s->rx_ring; break; @@ -731,6 +739,11 @@ static void ftgmac100_write(void *opaque, hwaddr addr, break; case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */ + if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%" + HWADDR_PRIx "\n", __func__, value); + return; + } s->tx_ring = value; s->tx_descriptor = s->tx_ring; break; -- 2.11.4.GIT