On Wed, Nov 15, 2000 at 05:31:27AM +0100, Jes Sorensen wrote:
> >>>>> "Val" == Val Henson <[EMAIL PROTECTED]> writes:
> Val> Jes, I just downloaded the 0.48 acenic driver and it still has a
> Val> reproducible null dereference bug. Anyone can oops their machine
> Val> by doing:
>
> Bugger I think I lost your patch in the noise. Sorry about that, it'll
> be in the next version.
>
> Val> ifconfig <gige> mtu 9000 ping -f -s 60000 <remote gige host>
> Val> ifconfig <gige> mtu 1500 ping -f -s 60000 <remote gige host>
>
> Val> I don't have a fix for this.
>
> Hmmm could be a firmware issue, I'll need to look at it. It is however
> a kind of bug that only root can cause deliberately. Doing ifconfig
> mtu foo ; ifconfig mtu bar is a little far from normal operation ;-)
It seems like it's caused by the driver trying to
do things while it's still setting up the rings.
static void ace_rx_int(struct net_device *dev, u32 rxretprd, u32 rxretcsm)
{
...
rip = &ap->skb->rx_jumbo_skbuff[skbidx];
...
skb = rip->skb;
skb_put(skb, retdesc->size); /* crash here */
...
}
while the driver might be doing this at the same time:
for (i = 0; i < RX_JUMBO_RING_ENTRIES; i++) {
if (ap->skb->rx_jumbo_skbuff[i].skb) {
ap->rx_jumbo_ring[i].size = 0;
set_aceaddr(&ap->rx_jumbo_ring[i].addr,
dev_kfree_skb(ap->skb->rx_jumbo_skbuff[i].skb);
ap->skb->rx_jumbo_skbuff[i].skb = NULL;
}
}
--
Pekka Pietikainen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
