lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20091204111346.GL15126@pengutronix.de>
Date:	Fri, 4 Dec 2009 12:13:46 +0100
From:	Sascha Hauer <s.hauer@...gutronix.de>
To:	Amit Kucheria <amit.kucheria@...onical.com>
Cc:	List Linux Kernel <linux-kernel@...r.kernel.org>,
	Rob Herring <r.herring@...escale.com>,
	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, valentin.longchamp@...l.ch,
	daniel@...aq.de, grant.likely@...retlab.ca,
	Dinh.Nguyen@...escale.com
Subject: Re: [RFC][PATCH 06/10] fec: fix uninitialized rx buffer usage

On Fri, Dec 04, 2009 at 04:47:06AM +0200, Amit Kucheria wrote:
> From: Rob Herring <r.herring@...escale.com>
> 
> The fec driver was enabling receive buffer descriptor without allocating
> the buffers. Make sure the buffer descriptors are initialized to not
> start receiving packets.
> 
> Signed-off-by: Rob Herring <r.herring@...escale.com>
> Signed-off-by: Amit Kucheria <amit.kucheria@...onical.com>
> Cc: David S. Miller <davem@...emloft.net>
> Cc: netdev@...r.kernel.org
> ---
>  drivers/net/fec.c |   57 +++++++++++++++++++++++++++--------------------------
>  1 files changed, 29 insertions(+), 28 deletions(-)
> 
> diff --git a/drivers/net/fec.c b/drivers/net/fec.c
> index 16a1d58..9a8743d 100644
> --- a/drivers/net/fec.c
> +++ b/drivers/net/fec.c
> @@ -1658,6 +1658,7 @@ static int fec_enet_init(struct net_device *dev, int index)
>  {
>  	struct fec_enet_private *fep = netdev_priv(dev);
>  	struct bufdesc *cbd_base;
> +	struct bufdesc *bdp;
>  	int i;
>  
>  	/* Allocate memory for buffer descriptors. */
> @@ -1710,6 +1711,34 @@ static int fec_enet_init(struct net_device *dev, int index)
>  	/* Set MII speed to 2.5 MHz */
>  	fep->phy_speed = ((((clk_get_rate(fep->clk) / 2 + 4999999)
>  					/ 2500000) / 2) & 0x3F) << 1;
> +
> +	/* Initialize the receive buffer descriptors. */
> +	bdp = fep->rx_bd_base;
> +	for (i = 0; i < RX_RING_SIZE; i++) {
> +
> +		/* Initialize the BD for every fragment in the page. */
> +		bdp->cbd_sc = 0;
> +		bdp++;
> +	}
> +
> +	/* Set the last buffer to wrap */
> +	bdp--;
> +	bdp->cbd_sc |= BD_SC_WRAP;
> +
> +	/* ...and the same for transmit */
> +	bdp = fep->tx_bd_base;
> +	for (i = 0; i < TX_RING_SIZE; i++) {
> +
> +		/* Initialize the BD for every fragment in the page. */
> +		bdp->cbd_sc = 0;
> +		bdp->cbd_bufaddr = 0;
> +		bdp++;
> +	}
> +
> +	/* Set the last buffer to wrap */
> +	bdp--;
> +	bdp->cbd_sc |= BD_SC_WRAP;
> +
>  	fec_restart(dev, 0);

I do not really understand why this patch is needed. You move the buffer
initialisation from fec_restart to fec_enet_init, but fec_restart is
called directly after the initialisation, so this shouldn't change much.

I don't need this patch on my boards, so I wonder what is really going
wrong here.

Sascha


>  
>  	/* Queue up command to detect the PHY and initialize the
> @@ -1730,7 +1759,6 @@ static void
>  fec_restart(struct net_device *dev, int duplex)
>  {
>  	struct fec_enet_private *fep = netdev_priv(dev);
> -	struct bufdesc *bdp;
>  	int i;
>  
>  	/* Whack a reset.  We should wait for this. */
> @@ -1768,33 +1796,6 @@ fec_restart(struct net_device *dev, int duplex)
>  		}
>  	}
>  
> -	/* Initialize the receive buffer descriptors. */
> -	bdp = fep->rx_bd_base;
> -	for (i = 0; i < RX_RING_SIZE; i++) {
> -
> -		/* Initialize the BD for every fragment in the page. */
> -		bdp->cbd_sc = BD_ENET_RX_EMPTY;
> -		bdp++;
> -	}
> -
> -	/* Set the last buffer to wrap */
> -	bdp--;
> -	bdp->cbd_sc |= BD_SC_WRAP;
> -
> -	/* ...and the same for transmit */
> -	bdp = fep->tx_bd_base;
> -	for (i = 0; i < TX_RING_SIZE; i++) {
> -
> -		/* Initialize the BD for every fragment in the page. */
> -		bdp->cbd_sc = 0;
> -		bdp->cbd_bufaddr = 0;
> -		bdp++;
> -	}
> -
> -	/* Set the last buffer to wrap */
> -	bdp--;
> -	bdp->cbd_sc |= BD_SC_WRAP;
> -
>  	/* Enable MII mode */
>  	if (duplex) {
>  		/* MII enable / FD enable */
> -- 
> 1.6.3.3
> 
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ