CINXE.COM

LKML: Manfred Spraul: [PATCH] forcedeth: fix random memory scribbling bug

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>LKML: Manfred Spraul: [PATCH] forcedeth: fix random memory scribbling bug</title><link href="/css/message.css" rel="stylesheet" type="text/css" /><link href="/css/wrap.css" rel="alternate stylesheet" type="text/css" title="wrap" /><link href="/css/nowrap.css" rel="stylesheet" type="text/css" title="nowrap" /><link href="/favicon.ico" rel="shortcut icon" /><script src="/js/simple-calendar.js" type="text/javascript"></script><script src="/js/styleswitcher.js" type="text/javascript"></script><link rel="alternate" type="application/rss+xml" title="lkml.org : last 100 messages" href="/rss.php" /><link rel="alternate" type="application/rss+xml" title="lkml.org : last messages by Manfred Spraul" href="/groupie.php?aid=597" /><!--Matomo--><script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(["setDoNotTrack", true]); _paq.push(["disableCookies"]); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//m.lkml.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script><!--End Matomo Code--></head><body onload="es.jasper.simpleCalendar.init();" itemscope="itemscope" itemtype="http://schema.org/BlogPosting"><table border="0" cellpadding="0" cellspacing="0"><tr><td width="180" align="center"><a href="/"><img style="border:0;width:135px;height:32px" src="/images/toprowlk.gif" alt="lkml.org" /></a></td><td width="32">聽</td><td class="nb"><div><a class="nb" href="/lkml"> [lkml]</a> 聽 <a class="nb" href="/lkml/2005"> [2005]</a> 聽 <a class="nb" href="/lkml/2005/12"> [Dec]</a> 聽 <a class="nb" href="/lkml/2005/12/24"> [24]</a> 聽 <a class="nb" href="/lkml/last100"> [last100]</a> 聽 <a href="/rss.php"><img src="/images/rss-or.gif" border="0" alt="RSS Feed" /></a></div><div>Views: <a href="#" class="nowrap" onclick="setActiveStyleSheet('wrap');return false;">[wrap]</a><a href="#" class="wrap" onclick="setActiveStyleSheet('nowrap');return false;">[no wrap]</a> 聽 <a class="nb" href="/lkml/mheaders/2005/12/24/24" onclick="this.href='/lkml/headers'+'/2005/12/24/24';">[headers]</a>聽 <a href="/lkml/bounce/2005/12/24/24">[forward]</a>聽 </div></td><td width="32">聽</td></tr><tr><td valign="top"><div class="es-jasper-simpleCalendar" baseurl="/lkml/"></div><div class="threadlist">Messages in this thread</div><ul class="threadlist"><li class="root"><a href="/lkml/2005/12/24/24">First message in thread</a></li><li class="origin"><a href="/lkml/2005/12/24/29">Manfred Spraul</a><ul><li><a href="/lkml/2005/12/24/29">Jeff Garzik</a><ul><li><a href="/lkml/2005/12/24/36">Manfred Spraul</a><ul><li><a href="/lkml/2005/12/24/51">Linus Torvalds</a></li></ul></li></ul></li><li><a href="/lkml/2005/12/24/49">Linus Torvalds</a><ul><li><a href="/lkml/2005/12/24/50">Manfred Spraul</a><ul><li><a href="/lkml/2005/12/24/58">Linus Torvalds</a><ul><li><a href="/lkml/2005/12/24/60">Jeff Garzik</a></li></ul></li></ul></li><li><a href="/lkml/2005/12/24/52">Jeff Garzik</a></li></ul></li></ul></li></ul><div class="threadlist">Patch in this message</div><ul class="threadlist"><li><a href="/lkml/diff/2005/12/24/24/1">Get diff 1</a></li></ul></td><td width="32" rowspan="2" class="c" valign="top"><img src="/images/icornerl.gif" width="32" height="32" alt="/" /></td><td class="c" rowspan="2" valign="top" style="padding-top: 1em"><table><tr><td><table><tr><td class="lp">Date</td><td class="rp" itemprop="datePublished">Sat, 24 Dec 2005 14:19:24 +0100</td></tr><tr><td class="lp">From</td><td class="rp" itemprop="author">Manfred Spraul &lt;&gt;</td></tr><tr><td class="lp">Subject</td><td class="rp" itemprop="name">[PATCH] forcedeth: fix random memory scribbling bug</td></tr></table></td><td></td></tr></table><pre itemprop="articleBody">Two critical bugs were found in forcedeth 0.47:<br />- TSO doesn't work.<br />- pci_map_single() for the rx buffers is called with size==0. This bug <br />is critical, it causes random memory corruptions on systems with an iommu.<br /><br />Below is a minimal fix for both bugs, for inclusion into 2.6.15.<br />TSO will be fixed properly in the next version.<br />Tested on x86-64.<br /><br />Signed-Off-By: Manfred Spraul &lt;manfred&#64;colorfullife.com&gt;<br />--- 2.6/drivers/net/forcedeth.c 2005-12-19 01:36:54.000000000 +0100<br />+++ x64/drivers/net/forcedeth.c 2005-12-24 12:16:30.000000000 +0100<br />&#64;&#64; -10,7 +10,7 &#64;&#64;<br /> * trademarks of NVIDIA Corporation in the United States and other<br /> * countries.<br /> *<br />- * Copyright (C) 2003,4 Manfred Spraul<br />+ * Copyright (C) 2003,4,5 Manfred Spraul<br /> * Copyright (C) 2004 Andrew de Quincey (wol support)<br /> * Copyright (C) 2004 Carl-Daniel Hailfinger (invalid MAC handling, insane<br /> * IRQ rate fixes, bigendian fixes, cleanups, verification)<br />&#64;&#64; -100,6 +100,7 &#64;&#64;<br /> * 0.45: 18 Sep 2005: Remove nv_stop/start_rx from every link check<br /> * 0.46: 20 Oct 2005: Add irq optimization modes.<br /> * 0.47: 26 Oct 2005: Add phyaddr 0 in phy scan.<br />+ * 0.48: 24 Dec 2005: Disable TSO, bugfix for pci_map_single<br /> *<br /> * Known bugs:<br /> * We suspect that on some hardware no TX done interrupts are generated.<br />&#64;&#64; -111,7 +112,7 &#64;&#64;<br /> * DEV_NEED_TIMERIRQ will not harm you on sane hardware, only generating a few<br /> * superfluous timer interrupts from the nic.<br /> */<br />-#define FORCEDETH_VERSION "0.47"<br />+#define FORCEDETH_VERSION "0.48"<br /> #define DRV_NAME "forcedeth"<br /> <br /> #include &lt;linux/module.h&gt;<br />&#64;&#64; -871,8 +872,8 &#64;&#64;<br /> } else {<br /> skb = np-&gt;rx_skbuff[nr];<br /> }<br />- np-&gt;rx_dma[nr] = pci_map_single(np-&gt;pci_dev, skb-&gt;data, skb-&gt;len,<br />- PCI_DMA_FROMDEVICE);<br />+ np-&gt;rx_dma[nr] = pci_map_single(np-&gt;pci_dev, skb-&gt;data,<br />+ skb-&gt;end-skb-&gt;data, PCI_DMA_FROMDEVICE);<br /> if (np-&gt;desc_ver == DESC_VER_1 || np-&gt;desc_ver == DESC_VER_2) {<br /> np-&gt;rx_ring.orig[nr].PacketBuffer = cpu_to_le32(np-&gt;rx_dma[nr]);<br /> wmb();<br />&#64;&#64; -999,7 +1000,7 &#64;&#64;<br /> wmb();<br /> if (np-&gt;rx_skbuff[i]) {<br /> pci_unmap_single(np-&gt;pci_dev, np-&gt;rx_dma[i],<br />- np-&gt;rx_skbuff[i]-&gt;len,<br />+ np-&gt;rx_skbuff[i]-&gt;end-np-&gt;rx_skbuff[i]-&gt;data,<br /> PCI_DMA_FROMDEVICE);<br /> dev_kfree_skb(np-&gt;rx_skbuff[i]);<br /> np-&gt;rx_skbuff[i] = NULL;<br />&#64;&#64; -1334,7 +1335,7 &#64;&#64;<br /> * the performance.<br /> */<br /> pci_unmap_single(np-&gt;pci_dev, np-&gt;rx_dma[i],<br />- np-&gt;rx_skbuff[i]-&gt;len,<br />+ np-&gt;rx_skbuff[i]-&gt;end-np-&gt;rx_skbuff[i]-&gt;data,<br /> PCI_DMA_FROMDEVICE);<br /> <br /> {<br />&#64;&#64; -2455,7 +2456,7 &#64;&#64;<br /> np-&gt;txrxctl_bits |= NVREG_TXRXCTL_RXCHECK;<br /> dev-&gt;features |= NETIF_F_HW_CSUM | NETIF_F_SG;<br /> #ifdef NETIF_F_TSO<br />- dev-&gt;features |= NETIF_F_TSO;<br />+ /* disabled dev-&gt;features |= NETIF_F_TSO; */<br /> #endif<br /> }<br /> </pre></td><td width="32" rowspan="2" class="c" valign="top"><img src="/images/icornerr.gif" width="32" height="32" alt="\" /></td></tr><tr><td align="right" valign="bottom"> 聽 </td></tr><tr><td align="right" valign="bottom">聽</td><td class="c" valign="bottom" style="padding-bottom: 0px"><img src="/images/bcornerl.gif" width="32" height="32" alt="\" /></td><td class="c">聽</td><td class="c" valign="bottom" style="padding-bottom: 0px"><img src="/images/bcornerr.gif" width="32" height="32" alt="/" /></td></tr><tr><td align="right" valign="top" colspan="2"> 聽 </td><td class="lm">Last update: 2005-12-24 14:26 聽聽 [from the cache]<br />漏2003-2020 <a href="http://blog.jasper.es/"><span itemprop="editor">Jasper Spaans</span></a>|hosted at <a href="https://www.digitalocean.com/?refcode=9a8e99d24cf9">Digital Ocean</a> and my Meterkast|<a href="http://blog.jasper.es/categories.html#lkml-ref">Read the blog</a></td><td>聽</td></tr></table><script language="javascript" src="/js/styleswitcher.js" type="text/javascript"></script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10