| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Dec 2009 17:10:47 -0500 From: lsorense@...lub.uwaterloo.ca (Lennart Sorensen) To: Anton Vorontsov <avorontsov@...mvista.com> Cc: Lennart Sorensen <lsorense@...lub.uwaterloo.ca>, linux-kernel@...r.kernel.org, linuxppc-dev@...abs.org, netdev@...r.kernel.org, leoli@...escale.com Subject: Re: ucc_geth broken in 2.6.32 by 864fdf884e82bacbe8ca5e93bd43393a61d2e2b4 On Wed, Dec 23, 2009 at 11:22:26PM +0300, Anton Vorontsov wrote: > On Wed, Dec 23, 2009 at 03:09:48PM -0500, Lennart Sorensen wrote: > [...] > > So there result is: > > > > Unable to handle kernel paging request for data at address 0x00000058 > > Faulting instruction address: 0xc024f2fc > > Oops: Kernel access of bad area, sig: 11 [#1] > > RC8360 CM > > Modules linked in: rclibapi xeno_native max6369_wdt ucc_geth_driver spi_mpc8xxx ltc4215 lm75 > > NIP: c024f2fc LR: e30aa0a4 CTR: c024f2e8 > > REGS: df857ca0 TRAP: 0300 Not tainted (2.6.32-trunk-8360e) > > MSR: 00009032 <EE,ME,IR,DR> CR: 44042088 XER: 00000000 > > DAR: 00000058, DSISR: 20000000 > > TASK = df848c90[4] 'events/0' THREAD: df856000 > > GPR00: e30aa0a4 df857d50 df848c90 00000000 00000640 00000001 c0428df4 dfa40b80 > > GPR08: 000000c8 e30ad2b8 df084360 c024f2e8 44042082 1001af90 e30ad2b8 00000000 > > GPR16: 00000048 00000001 00000000 00000000 df08436c df08440c 00000190 df08455c > > GPR24: df0844ec df0842c0 df084000 180005ea dfa40b80 00000000 df0842c0 00000000 > > NIP [c024f2fc] skb_recycle_check+0x14/0x100 > > LR [e30aa0a4] ucc_geth_poll+0xd8/0x4e0 [ucc_geth_driver] > > Call Trace: > > [df857d50] [c000b03c] __ipipe_grab_irq+0x3c/0xa4 (unreliable) > > [df857d60] [e30aa0a4] ucc_geth_poll+0xd8/0x4e0 [ucc_geth_driver] > > This I can reproduce. It seems it's a long standing bug that > becomes easily reproducible with quiesce/activate sequence. > The driver doesn't handle empty queue correctly, i.e. it ignores > the empty queue check if netdev queue is stopped, which makes no > sense. > > Can you try this patch in addition to previous (i.e. both should > be applied)? > > Thanks! > > diff --git a/drivers/net/ucc_geth.c b/drivers/net/ucc_geth.c > index 2f73e3f..b22de51 100644 > --- a/drivers/net/ucc_geth.c > +++ b/drivers/net/ucc_geth.c > @@ -3275,7 +3275,7 @@ static int ucc_geth_tx(struct net_device *dev, u8 txQ) > /* Handle the transmitted buffer and release */ > /* the BD to be used with the current frame */ > > - if ((bd == ugeth->txBd[txQ]) && (netif_queue_stopped(dev) == 0)) > + if (bd == ugeth->txBd[txQ]) /* queue empty? */ > break; > > dev->stats.tx_packets++; That seems to be it. It works now. No more crashes. Those two patches together seem to do the trick. I really hope they can go into 2.6.32-stable then, since this is a regression over 2.6.31 and is hopefully an obvious fix. Now if only my mdio-gpio bitbang one line fix would be accepted. -- Len Sorensen -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists