lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 01 Jun 2021 13:53:58 +0300
From:   Nikolai Zhubr <zhubr.2@...il.com>
To:     Arnd Bergmann <arnd@...nel.org>
CC:     Heiner Kallweit <hkallweit1@...il.com>,
        netdev <netdev@...r.kernel.org>, Jeff Garzik <jgarzik@...ox.com>
Subject: Re: Realtek 8139 problem on 486.

Hi all,

01.06.2021 10:20, Arnd Bergmann:
[...]
>> What was discussed here 16 yrs ago should sound familiar to you.
>> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg92234.html
>> "It was an option in my BIOS PCI level/edge settings as I posted."
>> You could check whether you have same/similar option in your BIOS
>> and play with it.

Yes indeed, this motherboard does have such an option, and it defaulted 
to "Edge", which apparently is not what PCI device normally expects.
Changing it to "Level" made unmodified kernel 2.6.4 work fine.
And 8259A.pl comfirms this, too.

Before:
# ./8259A.pl
irq 0: 00, edge
irq 1: 00, edge
irq 2: 00, edge
irq 3: 00, edge
irq 4: 00, edge
irq 5: 00, edge
irq 6: 00, edge
irq 7: 00, edge
irq 8: 00, edge
irq 9: 00, edge
irq 10: 00, edge
irq 11: 00, edge
irq 12: 00, edge
irq 13: 00, edge
irq 14: 00, edge
irq 15: 00, edge

After:
# ./8259A.pl
irq 0: 00, edge
irq 1: 00, edge
irq 2: 00, edge
irq 3: 00, edge
irq 4: 00, edge
irq 5: 00, edge
irq 6: 00, edge
irq 7: 00, edge
irq 8: 06, edge
irq 9: 06, level
irq 10: 06, level
irq 11: 06, edge
irq 12: 06, edge
irq 13: 06, edge
irq 14: 06, edge
irq 15: 06, edge

> So it appears that the interrupt is lost if new TX events come in after the
> status register is read, and that checking it again manages to make that
> race harder to hit, but maybe not reliably.

It looks like incorrect IRQ triggering mode makes 2 or more IRQs merge 
into one, kind of. However, if I understand this 8139 operation logic 
correctly, the possible max number of signaled events in one go is 
limited by the number of tx/rx descriptors and can not grow beyond it 
while inside the interrupt handler in any case. If so, using the loop 
would seem not that bad, and the limit would be certainly not 20 but 
max(NUM_TX_DESC, CONFIG_8139_RXBUF_IDX) == 4.

> The best idea I have for a proper fix would be to move the TX processing
> into the poll function as well, making sure that by the end of that function
> the driver is either still in napi polling mode, or both RX and TX interrupts
> are enabled and acked.

This one is too complicated for me to implement myself, so I'll have to 
wait if someone does this.

Alternatively, maybe it is possible to explicitely request level mode 
from 8259 at the driver startup?


Thank you,

Regards,
Nikolai

>
>           Arnd
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ