qemu/hw
Andrey Smirnov 7e354ed4df fsl_etsec: Fix Tx BD ring wrapping handling
Current code that handles Tx buffer desciprtor ring scanning employs the
following algorithm:

	1. Restore current buffer descriptor pointer from TBPTRn

	2. Process current descriptor

	3. If current descriptor has BD_WRAP flag set set current
	   descriptor pointer to start of the descriptor ring

	4. If current descriptor points to start of the ring exit the
	   loop, otherwise increment current descriptor pointer and go
	   to #2

	5. Store current descriptor in TBPTRn

The way the code is implemented results in buffer descriptor ring being
scanned starting at offset/descriptor #0. While covering 99% of the
cases, this algorithm becomes problematic for a number of edge cases.

Consider the following scenario: guest OS driver initializes descriptor
ring to N individual descriptors and starts sending data out. Depending
on the volume of traffic and probably guest OS driver implementation it
is possible that an edge case where a packet, spread across 2
descriptors is placed in descriptors N - 1 and 0 in that order(it is
easy to imagine similar examples involving more than 2 descriptors).

What happens then is aforementioned algorithm starts at descriptor 0,
sees a descriptor marked as BD_LAST, which it happily sends out as a
separate packet(very much malformed at this point) then the iteration
continues and the first part of the original packet is tacked to the
next transmission which ends up being bogus as well.

This behvaiour can be pretty reliably observed when scp'ing data from a
guest OS via TAP interface for files larger than 160K (every time for
700K+).

This patch changes the scanning algorithm to do the following:

	1. Restore "current" buffer descriptor pointer from
	   TBPTRn

	2. If "current" descriptor does not have BD_TX_READY set, goto #6

	3. Process current descriptor

	4. If "current" descriptor has BD_WRAP flag set "current"
	   descriptor pointer to start of the descriptor ring otherwise
	   set increment "current" by the size of one descriptor

	5. Goto #1

	6. Save "current" buffer descriptor in TBPTRn

This way we preserve the information about which descriptor was
processed last and always start where we left off avoiding the original
problem. On top of that, judging by the following excerpt from
MPC8548ERM (p. 14-48):

"... When the end of the TxBD ring is reached, eTSEC initializes TBPTRn
to the value in the corresponding TBASEn. The TBPTR register is
internally written by the eTSEC’s DMA controller during
transmission. The pointer increments by eight (bytes) each time a
descriptor is closed successfully by the eTSEC..."

revised algorithm might also a more correct way of emulating this aspect
of eTSEC peripheral.

Cc: Alexander Graf <agraf@suse.de>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-devel@nongnu.org
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-06 10:38:21 +08:00
..
9pfs 9pfs: fix P9_NOTAG and P9_NOFID macros 2017-01-03 17:28:44 +01:00
acpi nvdimm acpi: introduce NVDIMM_DSM_MEMORY_SIZE 2016-11-15 17:20:37 +02:00
adc STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00
alpha Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
arm hw/i2c: Add a NULL check for i2c slave init callbacks 2016-12-27 14:59:29 +00:00
audio migration/pcspk: Add a property to state if pcspk is migrated 2016-11-28 16:45:12 +01:00
block virtio-blk: suppress virtqueue kick during processing 2017-01-03 16:38:49 +00:00
bt char: replace avail_connections 2016-10-24 15:46:10 +02:00
char cadence_uart: Check if receiver timeout counter is disabled 2016-12-27 14:59:23 +00:00
core loader: fix undefined behavior in rom_order_compare() 2016-11-30 04:22:18 +02:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display virtio-gpu: fix memory leak in resource attach backing 2017-01-03 15:47:21 +01:00
dma hw/dma/pl080: Fix bad bit mask (PL080_CONF_M1 | PL080_CONF_M1) 2016-10-17 19:22:17 +01:00
gpio i.MX: Fix GPIO ISR register write 2016-10-28 15:51:27 +01:00
i2c hw/i2c: Add a NULL check for i2c slave init callbacks 2016-12-27 14:59:29 +00:00
i386 kvmclock: reduce kvmclock difference on migration 2016-12-22 16:00:56 +01:00
ide atapi: classify read_cd as conditionally returning data 2016-11-14 11:15:54 -05:00
input hw/input/hid: support alternative sysrq/break scancodes for gtk-vnc 2016-11-10 15:29:58 +00:00
intc hw/intc/arm_gicv3: Don't signal Pending+Active interrupts to CPU 2016-12-27 14:59:25 +00:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi ipmi: fix qemu crash while migrating with ipmi 2016-11-18 17:50:09 +02:00
isa char: remove init callback 2016-10-24 15:27:20 +02:00
lm32 loader: fix handling of custom address spaces when adding ROM blobs 2016-11-30 04:20:57 +02:00
m68k m68k: change default system clock for m5208evb 2016-10-08 11:25:29 +03:00
mem pc: memhp: enable nvdimm device hotplug 2016-11-01 19:21:09 +02:00
microblaze clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
mips clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
misc aspeed/scu: fix SCU region size 2016-12-27 14:59:28 +00:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net fsl_etsec: Fix Tx BD ring wrapping handling 2017-01-06 10:38:21 +08:00
nvram fw_cfg: move FW_CFG_NB_CPUS out of fw_cfg_init1() 2016-11-16 12:09:58 -02:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
pci-bridge clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
pci-host ppc: Make uninorth interrupt swizzling identical to Grackle 2016-11-23 12:00:48 +11:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
s390x virtio: allow per-device-class legacy features 2016-11-15 17:20:36 +02:00
scsi virtio-scsi: suppress virtqueue kick during processing 2017-01-03 16:38:49 +00:00
sd vmstateify ssi-sd 2016-09-22 18:13:08 +01:00
sh4 Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
smbios smbios: fix uuid copy 2016-09-29 11:43:22 +08:00
sparc fw_cfg: move FW_CFG_NB_CPUS out of fw_cfg_init1() 2016-11-16 12:09:58 -02:00
sparc64 fw_cfg: move FW_CFG_NB_CPUS out of fw_cfg_init1() 2016-11-16 12:09:58 -02:00
ssi aspeed/smc: improve segment register support 2016-12-27 14:59:28 +00:00
timer hw/i2c: Add a NULL check for i2c slave init callbacks 2016-12-27 14:59:29 +00:00
tpm clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
tricore tricore: remove useless cast 2016-09-15 15:32:22 +03:00
unicore32 clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
usb xen: attach pvusb usb bus to backend qdev 2016-11-22 10:29:41 -08:00
vfio vfio: Add support for mmapping sub-page MMIO BARs 2016-10-31 09:53:04 -06:00
virtio virtio: disable virtqueue notifications during polling 2017-01-03 16:38:50 +00:00
watchdog watchdog: 6300esb: add exit function 2016-12-22 16:00:23 +01:00
xen xen: create qdev for each backend device 2016-11-22 10:29:39 -08:00
xenpv xenpv: Fix qemu_uuid compiling error 2016-09-29 11:43:17 +08:00
xtensa char: remove init callback 2016-10-24 15:27:20 +02:00
Makefile.objs STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00