linux-mips
[Top] [All Lists]

Re: BUG in pcnet32.c?

To: Brian Murphy <brian@murphy.dk>
Subject: Re: BUG in pcnet32.c?
From: "Steven J. Hill" <sjhill@realitydiluted.com>
Date: Mon, 29 Mar 2004 15:25:49 -0500
Cc: linux-mips@linux-mips.org
In-reply-to: <4068809F.8070103@murphy.dk>
Original-recipient: rfc822;linux-mips@linux-mips.org
References: <4068809F.8070103@murphy.dk>
Sender: linux-mips-bounce@linux-mips.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312 Debian/1.6-3
Brian Murphy wrote:
In pcnet32.c where the driver writer sets up her receive buffers there is this line

lp->rx_dma_addr[i] = pci_map_single(lp->pci_dev, rx_skbuff->tail, rx_skbuff->len, PCI_DMA_FROMDEVICE);

the length value turns out to be 0 and crashes the running process,ifconfig. Is making a map for a buffer of length 0 valid at all? If not what the hell is going on here.

I feel this should say PKT_BUF_SZ instead of rx_skbuff->len which is the length of skbuff which has been
allocated at this point in the code, this is line 986 in todays checkout.

Something is wrong in any case, any pointers?

Excellent. So my new BUG code detected another bad network driver. Your network
driver is broken and it needs fixed. I will refer you to these posts between
Jeff Garzik and myself when I found a similar issue on the 'natsemi.c' driver.
Mapping a PCI address with length zero is a BUG, period. You length should
be the maximum RX buffer length + 2. You will see from the patches in the
messages below that this is for IP header alignment. Good luck and please let
use know how it turns out.

-Steve

http://lkml.org/lkml/2004/3/16/218
http://lkml.org/lkml/2004/3/16/244

<Prev in Thread] Current Thread [Next in Thread>