| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jul 2011 15:53:53 -0400 From: Neil Horman <nhorman@...driver.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Alexey Zaytsev <alexey.zaytsev@...il.com>, Michael Büsch <m@...s.ch>, Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org, Gary Zambrano <zambrano@...adcom.com>, bugme-daemon@...zilla.kernel.org, "David S. Miller" <davem@...emloft.net>, Pekka Pietikainen <pp@...oulu.fi>, Florian Schirmer <jolt@...box.org>, Felix Fietkau <nbd@...nwrt.org>, Michael Buesch <mb@...sch.de> Subject: Re: [Bugme-new] [Bug 38102] New: BUG kmalloc-2048: Poison overwritten On Tue, Jul 05, 2011 at 08:45:16PM +0200, Eric Dumazet wrote: > Le mardi 05 juillet 2011 à 20:32 +0200, Eric Dumazet a écrit : > > > Then, maybe the driver model is completely wrong, and should really > > setup 512 buffers, or use less descs but set EOT on last one. > > > > Currently it uses a 200 sliding window out of the 512 descs. > > > > > > One thing we could do would be to allocate a special guard buffer and > set all 'out of window' descriptors to point to this guard buffer, and > periodically check if buffer is dirtied by the card. > > (first word would be enough) > > (instead of setting desc->addr to NULL, set to > dma_map_single(guard_buffer)) > I think this is a goo idea, at least for testing. It seems odd to me that we have the B44_DMARX_PTR value which indicates (ostensibly) the pointer to the descriptor to be processed next (the documentation isnt' very verbose on the subject), along with the EOT bit on a descriptor. It seems like both the register and the bit are capable of conveying the same (or at least overlapping) information. I think what I'm having the most trouble with is understanding when the hw looks at the EOT bit in the descriptor. If it completes a DMA and sees the EOT bit set, does the next DMA occur to the descriptor pointed to by the DMARX_ADDR register? Of does it stall until such time as the DMARX_PTR register is rotated around? What if it doesn't see the EOT bit set? Does it just keep going with the next descriptor? Also, there seems to be some inconsistency in the settnig of the B44_DMARX_PTR register. In bnx2_init_hw its set to the value of bp->rx_pending, which is defined as being 200. But in b44_rx its advanced by sizeof(struct dma_desc) for every iteration. So in b44_init_hw we write the value 200 to it, ostensibly indicating a limit of 200 descriptors, but in b44_rx we iteratively write the values 0, 8, 16, 24...4*n to the register to indicate which descriptor we're indexing? Something really doesn't sit right with me there. In the former case we treat the register as holding number of entries, and in the latter we treat it as holding a byte offset into an array. Or am I missing something? Regards Neil > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists