e1000: Fix TCP checksum overflow with TSO

When adding the length to the pseudo header, we're not properly accounting for overflow. From: Mark Wu <dwu@redhat.com> Signed-off-by: N Alex Williamson <alex.williamson@redhat.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com>

e1000: Fix TCP checksum overflow with TSO
When adding the length to the pseudo header, we're not properly accounting for overflow. From: Mark Wu <dwu@redhat.com> Signed-off-by: N Alex Williamson <alex.williamson@redhat.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com>
1f892feb · Alex Williamson · Anthony Liguori · 27a6375d · 1f892feb
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

hw/e1000.c hw/e1000.c +4 -1

未找到文件。
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -384,9 +384,12 @@ xmit_seg(E1000State *s)
        } else	// UDP
            cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
        if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
+            unsigned int phsum;
            // add pseudo-header length before checksum calculation
            sp = (uint16_t *)(tp->data + tp->tucso);
-            cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
+            phsum = be16_to_cpup(sp) + len;
+            phsum = (phsum >> 16) + (phsum & 0xffff);
+            cpu_to_be16wu(sp, phsum);
        }
        tp->tso_frames++;
    }