Brian Murphy wrote:
In pcnet32.c where the driver writer sets up her receive buffers there
is this line
lp->rx_dma_addr[i] = pci_map_single(lp->pci_dev, rx_skbuff->tail,
rx_skbuff->len, PCI_DMA_FROMDEVICE);
the length value turns out to be 0 and crashes the running
process,ifconfig.
Is making a map for a buffer of length 0 valid at all? If not what the
hell is going on here.
I feel this should say PKT_BUF_SZ instead of rx_skbuff->len which is the
length of skbuff which has been
allocated at this point in the code, this is line 986 in todays checkout.
Something is wrong in any case, any pointers?
Excellent. So my new BUG code detected another bad network driver. Your network
driver is broken and it needs fixed. I will refer you to these posts between
Jeff Garzik and myself when I found a similar issue on the 'natsemi.c' driver.
Mapping a PCI address with length zero is a BUG, period. You length should
be the maximum RX buffer length + 2. You will see from the patches in the
messages below that this is for IP header alignment. Good luck and please let
use know how it turns out.
-Steve
http://lkml.org/lkml/2004/3/16/218
http://lkml.org/lkml/2004/3/16/244
|