From patchwork Tue Aug 28 06:23:37 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Fix buffer run out in eepro100.
Date: Mon, 27 Aug 2012 20:23:37 -0000
From: Bo Yang <boyang@suse.com>
X-Patchwork-Id: 180335
Message-Id: <1346135017-5975-1-git-send-email-boyang@suse.com>
To: qemu-devel@nongnu.org

The guest may enter into state of no receive descriptors,
and if there is no interrupt, the descriptor filling function
has no chance to run again,which causes network stall. According
to liunux driver's implementation, the descriptor with EL bit set
must not be touched by hardware, usually, the buffer size of this
descriptor is set to 0.

Signed-off-by: Bo Yang <boyang@suse.com>

---
hw/eepro100.c |   21 +++++++++++++++------
 1 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/hw/eepro100.c b/hw/eepro100.c
index 50d117e..e0efd96 100644
--- a/hw/eepro100.c
+++ b/hw/eepro100.c
@@ -1619,8 +1619,13 @@ static const MemoryRegionOps eepro100_ops = {
 static int nic_can_receive(NetClientState *nc)
 {
     EEPRO100State *s = DO_UPCAST(NICState, nc, nc)->opaque;
+    ru_state_t state;
     TRACE(RXTX, logout("%p\n", s));
-    return get_ru_state(s) == ru_ready;
+    state = get_ru_state(s);
+    if (state == ru_no_resources) {
+	eepro100_rnr_interrupt(s);
+    }
+    return state == ru_ready;
 #if 0
     return !eepro100_buffer_full(s);
 #endif
@@ -1732,6 +1737,15 @@ static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
                  &rx, sizeof(eepro100_rx_t));
     uint16_t rfd_command = le16_to_cpu(rx.command);
     uint16_t rfd_size = le16_to_cpu(rx.size);
+    /* don't touch the rx descriptor with EL set. */
+    if (rfd_command & COMMAND_EL) {
+        /* EL bit is set, so this was the last frame. */
+        logout("receive: Running out of frames\n");
+        set_ru_state(s, ru_no_resources);
+        s->statistics.rx_resource_errors++;
+	eepro100_rnr_interrupt(s);
+	return -1;
+    }
 
     if (size > rfd_size) {
         logout("Receive buffer (%" PRId16 " bytes) too small for data "
@@ -1767,11 +1781,6 @@ static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
     s->statistics.rx_good_frames++;
     eepro100_fr_interrupt(s);
     s->ru_offset = le32_to_cpu(rx.link);
-    if (rfd_command & COMMAND_EL) {
-        /* EL bit is set, so this was the last frame. */
-        logout("receive: Running out of frames\n");
-        set_ru_state(s, ru_suspended);
-    }
     if (rfd_command & COMMAND_S) {
         /* S bit is set. */
         set_ru_state(s, ru_suspended);