https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195924
Bug ID: 195924
Summary: IXGBE watchdog bug causes crash.
Product: Base System
Version: 10.1-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: liangyi...@163.com

When the ixgbe driver resets the hardware in the timer function, it will crash sometimes.

In ixgbe.c, in the ixgbe_local_timer function, the code before the goto watchdog segment is:

    for (int i = 0; i < adapter->num_queues; i++, que++, txr++) {
        if ((txr->queue_status == IXGBE_QUEUE_HUNG) &&
            (paused == 0))
            ++hung;
        else if (txr->queue_status == IXGBE_QUEUE_WORKING)
            taskqueue_enqueue(que->tq, &txr->txq_task);
    }
    /* Only truely watchdog if all queues show hung */
    if (hung == adapter->num_queues)
        goto watchdog;

Before goto watchdog, pointer txr is out of bounds, so any access to pointer txr will cause a buffer overflow problem.

The bug exists in Release 9 and Release 10.

To fix this problem, I suggest resetting txr in the watchdog segment.

    watchdog:
    + txr = adapter->tx_rings;

The same bug may exist in if_igb.c.
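
Review bot: the added line at the watchdog label resets only txr, but the loop header quoted above advances que in the same step (i++, que++, txr++), so que is also one past its last element when the label is reached. If anything after the label reads through que, it needs the same re-pointing to the start of its array; the code after the label is not shown here, so that should be checked before this goes in. A one-line comment on the reset saying that the scan loop leaves the cursor past the last ring would keep a later cleanup from removing it, and since the report says if_igb.c may have the same pattern, it is worth checking that file in the same change.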
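
The stale-cursor condition described in the report, as an added example that is not FreeBSD driver code: the types are constructed stand-ins (only queue_status, num_queues and tx_rings are names from the report), the paused and que handling is left out, and ring_at and watchdog_ring are hypothetical helpers.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the driver's types; only queue_status,
 * num_queues and tx_rings are names taken from the report. */
enum { QUEUE_IDLE, QUEUE_WORKING, QUEUE_HUNG };
struct tx_ring { int queue_status; int me; };
struct adapter { int num_queues; struct tx_ring *tx_rings; };

/* Walk the rings as the reported loop does, count hung queues, and return
 * how far the cursor is from the start of the array when the loop ends. */
static ptrdiff_t scan_rings(const struct adapter *a, int *hung)
{
    const struct tx_ring *txr = a->tx_rings;
    *hung = 0;
    for (int i = 0; i < a->num_queues; i++, txr++)
        if (txr->queue_status == QUEUE_HUNG)
            ++*hung;
    return txr - a->tx_rings;   /* always num_queues: one past the end */
}

/* Bounds-checked access (hypothetical helper): NULL for an invalid offset. */
static struct tx_ring *ring_at(const struct adapter *a, ptrdiff_t off)
{
    return (off >= 0 && off < a->num_queues) ? &a->tx_rings[off] : NULL;
}

/* Watchdog decision with the reset applied: returns the index of the ring
 * the watchdog path would read, or -1 when not every queue is hung. */
static int watchdog_ring(const struct adapter *a)
{
    int hung;
    ptrdiff_t off = scan_rings(a, &hung);
    if (a->num_queues == 0 || hung != a->num_queues)
        return -1;
    if (ring_at(a, off) == NULL)    /* stale cursor: reset to the first ring */
        off = 0;
    return ring_at(a, off)->me;
}

int main(void)
{
    struct tx_ring rings[4] = {{QUEUE_HUNG, 0}, {QUEUE_HUNG, 1},
                               {QUEUE_HUNG, 2}, {QUEUE_HUNG, 3}};
    struct adapter a = {4, rings};
    int hung;
    printf("cursor offset after loop: %td of %d\n", scan_rings(&a, &hung), a.num_queues);
    printf("watchdog reads ring %d\n", watchdog_ring(&a));
    return 0;
}
```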