lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20091223221047.GH760@caffeine.csclub.uwaterloo.ca>
Date:	Wed, 23 Dec 2009 17:10:47 -0500
From:	lsorense@...lub.uwaterloo.ca (Lennart Sorensen)
To:	Anton Vorontsov <avorontsov@...mvista.com>
Cc:	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	linux-kernel@...r.kernel.org, linuxppc-dev@...abs.org,
	netdev@...r.kernel.org, leoli@...escale.com
Subject: Re: ucc_geth broken in 2.6.32 by
	864fdf884e82bacbe8ca5e93bd43393a61d2e2b4

On Wed, Dec 23, 2009 at 11:22:26PM +0300, Anton Vorontsov wrote:
> On Wed, Dec 23, 2009 at 03:09:48PM -0500, Lennart Sorensen wrote:
> [...]
> > So there result is:
> > 
> > Unable to handle kernel paging request for data at address 0x00000058
> > Faulting instruction address: 0xc024f2fc
> > Oops: Kernel access of bad area, sig: 11 [#1]
> > RC8360 CM
> > Modules linked in: rclibapi xeno_native max6369_wdt ucc_geth_driver spi_mpc8xxx ltc4215 lm75
> > NIP: c024f2fc LR: e30aa0a4 CTR: c024f2e8
> > REGS: df857ca0 TRAP: 0300   Not tainted  (2.6.32-trunk-8360e)
> > MSR: 00009032 <EE,ME,IR,DR>  CR: 44042088  XER: 00000000
> > DAR: 00000058, DSISR: 20000000
> > TASK = df848c90[4] 'events/0' THREAD: df856000
> > GPR00: e30aa0a4 df857d50 df848c90 00000000 00000640 00000001 c0428df4 dfa40b80
> > GPR08: 000000c8 e30ad2b8 df084360 c024f2e8 44042082 1001af90 e30ad2b8 00000000
> > GPR16: 00000048 00000001 00000000 00000000 df08436c df08440c 00000190 df08455c
> > GPR24: df0844ec df0842c0 df084000 180005ea dfa40b80 00000000 df0842c0 00000000
> > NIP [c024f2fc] skb_recycle_check+0x14/0x100
> > LR [e30aa0a4] ucc_geth_poll+0xd8/0x4e0 [ucc_geth_driver]
> > Call Trace:
> > [df857d50] [c000b03c] __ipipe_grab_irq+0x3c/0xa4 (unreliable)
> > [df857d60] [e30aa0a4] ucc_geth_poll+0xd8/0x4e0 [ucc_geth_driver]
> 
> This I can reproduce. It seems it's a long standing bug that
> becomes easily reproducible with quiesce/activate sequence.
> The driver doesn't handle empty queue correctly, i.e. it ignores
> the empty queue check if netdev queue is stopped, which makes no
> sense.
> 
> Can you try this patch in addition to previous (i.e. both should
> be applied)?
> 
> Thanks!
> 
> diff --git a/drivers/net/ucc_geth.c b/drivers/net/ucc_geth.c
> index 2f73e3f..b22de51 100644
> --- a/drivers/net/ucc_geth.c
> +++ b/drivers/net/ucc_geth.c
> @@ -3275,7 +3275,7 @@ static int ucc_geth_tx(struct net_device *dev, u8 txQ)
>  		/* Handle the transmitted buffer and release */
>  		/* the BD to be used with the current frame  */
>  
> -		if ((bd == ugeth->txBd[txQ]) && (netif_queue_stopped(dev) == 0))
> +		if (bd == ugeth->txBd[txQ]) /* queue empty? */
>  			break;
>  
>  		dev->stats.tx_packets++;

That seems to be it.  It works now.  No more crashes.

Those two patches together seem to do the trick.  I really hope they
can go into 2.6.32-stable then, since this is a regression over 2.6.31
and is hopefully an obvious fix.

Now if only my mdio-gpio bitbang one line fix would be accepted.

-- 
Len Sorensen
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ