lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4B6F7D3F.2020303@snapgear.com>
Date:	Mon, 08 Feb 2010 12:55:59 +1000
From:	Greg Ungerer <gerg@...pgear.com>
To:	Amit Kucheria <amit.kucheria@...onical.com>
CC:	List Linux Kernel <linux-kernel@...r.kernel.org>,
	Rob Herring <r.herring@...escale.com>, davem@...emloft.net,
	netdev@...r.kernel.org, s.hauer@...gutronix.de, gerg@...inux.org,
	u.kleine-koenig@...gutronix.de, amit.kucheria@...durent.com
Subject: Re: [PATCH 1/3] fec: fix uninitialized rx buffer usage

Amit Kucheria wrote:
> From: Rob Herring <r.herring@...escale.com>
> 
> The fec driver was enabling receive buffer descriptor without allocating
> the buffers. Make sure the buffer descriptors are initialized to not
> start receiving packets.
> 
> Open also calls fec_restart after the rx buffers are allocated. With the code
> in fec_restart, it zeroes out the buffer descriptors that have just been
> setup.
> 
> Signed-off-by: Rob Herring <r.herring@...escale.com>
> Signed-off-by: Amit Kucheria <amit.kucheria@...onical.com>
> Acked-by: Grant Likely <grant.likely@...retlab.ca>

Acked-by: Greg Ungerer <gerg@...inux.org>


> ---
>  drivers/net/fec.c |   57 +++++++++++++++++++++++++++--------------------------
>  1 files changed, 29 insertions(+), 28 deletions(-)
> 
> diff --git a/drivers/net/fec.c b/drivers/net/fec.c
> index 16a1d58..9a8743d 100644
> --- a/drivers/net/fec.c
> +++ b/drivers/net/fec.c
> @@ -1658,6 +1658,7 @@ static int fec_enet_init(struct net_device *dev, int index)
>  {
>  	struct fec_enet_private *fep = netdev_priv(dev);
>  	struct bufdesc *cbd_base;
> +	struct bufdesc *bdp;
>  	int i;
>  
>  	/* Allocate memory for buffer descriptors. */
> @@ -1710,6 +1711,34 @@ static int fec_enet_init(struct net_device *dev, int index)
>  	/* Set MII speed to 2.5 MHz */
>  	fep->phy_speed = ((((clk_get_rate(fep->clk) / 2 + 4999999)
>  					/ 2500000) / 2) & 0x3F) << 1;
> +
> +	/* Initialize the receive buffer descriptors. */
> +	bdp = fep->rx_bd_base;
> +	for (i = 0; i < RX_RING_SIZE; i++) {
> +
> +		/* Initialize the BD for every fragment in the page. */
> +		bdp->cbd_sc = 0;
> +		bdp++;
> +	}
> +
> +	/* Set the last buffer to wrap */
> +	bdp--;
> +	bdp->cbd_sc |= BD_SC_WRAP;
> +
> +	/* ...and the same for transmit */
> +	bdp = fep->tx_bd_base;
> +	for (i = 0; i < TX_RING_SIZE; i++) {
> +
> +		/* Initialize the BD for every fragment in the page. */
> +		bdp->cbd_sc = 0;
> +		bdp->cbd_bufaddr = 0;
> +		bdp++;
> +	}
> +
> +	/* Set the last buffer to wrap */
> +	bdp--;
> +	bdp->cbd_sc |= BD_SC_WRAP;
> +
>  	fec_restart(dev, 0);
>  
>  	/* Queue up command to detect the PHY and initialize the
> @@ -1730,7 +1759,6 @@ static void
>  fec_restart(struct net_device *dev, int duplex)
>  {
>  	struct fec_enet_private *fep = netdev_priv(dev);
> -	struct bufdesc *bdp;
>  	int i;
>  
>  	/* Whack a reset.  We should wait for this. */
> @@ -1768,33 +1796,6 @@ fec_restart(struct net_device *dev, int duplex)
>  		}
>  	}
>  
> -	/* Initialize the receive buffer descriptors. */
> -	bdp = fep->rx_bd_base;
> -	for (i = 0; i < RX_RING_SIZE; i++) {
> -
> -		/* Initialize the BD for every fragment in the page. */
> -		bdp->cbd_sc = BD_ENET_RX_EMPTY;
> -		bdp++;
> -	}
> -
> -	/* Set the last buffer to wrap */
> -	bdp--;
> -	bdp->cbd_sc |= BD_SC_WRAP;
> -
> -	/* ...and the same for transmit */
> -	bdp = fep->tx_bd_base;
> -	for (i = 0; i < TX_RING_SIZE; i++) {
> -
> -		/* Initialize the BD for every fragment in the page. */
> -		bdp->cbd_sc = 0;
> -		bdp->cbd_bufaddr = 0;
> -		bdp++;
> -	}
> -
> -	/* Set the last buffer to wrap */
> -	bdp--;
> -	bdp->cbd_sc |= BD_SC_WRAP;
> -
>  	/* Enable MII mode */
>  	if (duplex) {
>  		/* MII enable / FD enable */


-- 
------------------------------------------------------------------------
Greg Ungerer  --  Principal Engineer        EMAIL:     gerg@...pgear.com
SnapGear Group, McAfee                      PHONE:       +61 7 3435 2888
8 Gardner Close                             FAX:         +61 7 3217 5323
Milton, QLD, 4064, Australia                WEB: http://www.SnapGear.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ