* [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
@ 2009-04-20 12:58 jon.lin
2009-04-20 13:28 ` Amos Kong
2009-04-21 8:52 ` David Miller
0 siblings, 2 replies; 13+ messages in thread
From: jon.lin @ 2009-04-20 12:58 UTC (permalink / raw)
To: davem; +Cc: dada1, netdev, linux-kernel, jon.lin
From: Jonathan Lin <jon.lin@vatics.com>
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA buffer address. In this interval where RX was enabled and DMA buffer address is not yet set up, any incoming broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
--- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-19 17:50:38.000000000 +0800
+++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-19 17:52:51.000000000 +0800
@@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+ /* init Rx ring buffer DMA address BEFORE Rx enabled*/
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1389,8 +1393,6 @@ static void rtl8139_hw_start (struct net
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1405,9 +1407,6 @@ static void rtl8139_hw_start (struct net
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] - tp->tx_bufs));
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-20 12:58 [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow jon.lin
@ 2009-04-20 13:28 ` Amos Kong
2009-04-21 8:52 ` David Miller
1 sibling, 0 replies; 13+ messages in thread
From: Amos Kong @ 2009-04-20 13:28 UTC (permalink / raw)
To: jon.lin; +Cc: davem, dada1, netdev, linux-kernel
On Mon, Apr 20, 2009 at 08:58:01PM +0800, jon.lin@vatics.com wrote:
>From: Jonathan Lin <jon.lin@vatics.com>
>
>While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
>In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA buffer address. In this interval where RX was enabled and DMA buffer address is not yet set up, any incoming broadcast packet would be send to a strange physical address:
>0x003e8800 which is the default value of DMA buffer address.
>Unfortunately, this address is used by Linux kernel. So kernel panics.
>This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
>
>Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
Reviewed-by: Amos Kong <jianjun@zeuux.org>
>--- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-19 17:50:38.000000000 +0800
>+++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-19 17:52:51.000000000 +0800
>@@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
> RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
> RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
>
>+ tp->cur_rx = 0;
>+ /* init Rx ring buffer DMA address BEFORE Rx enabled*/
>+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
>+
...
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-20 12:58 [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow jon.lin
2009-04-20 13:28 ` Amos Kong
@ 2009-04-21 8:52 ` David Miller
2009-04-21 9:48 ` Amos Kong
1 sibling, 1 reply; 13+ messages in thread
From: David Miller @ 2009-04-21 8:52 UTC (permalink / raw)
To: jon.lin; +Cc: dada1, netdev, linux-kernel
From: <jon.lin@vatics.com>
Date: Mon, 20 Apr 2009 20:58:01 +0800
> While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
> In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA buffer address. In this interval where RX was enabled and DMA buffer address is not yet set up, any incoming broadcast packet would be send to a strange physical address:
> 0x003e8800 which is the default value of DMA buffer address.
> Unfortunately, this address is used by Linux kernel. So kernel panics.
> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
>
> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
This patch does not apply, it was corrupted by your email client.
I even think it has MS-DOS style newlines in it :-(
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-21 8:52 ` David Miller
@ 2009-04-21 9:48 ` Amos Kong
2009-04-21 10:09 ` jon.lin
2009-04-21 10:30 ` Eric Dumazet
0 siblings, 2 replies; 13+ messages in thread
From: Amos Kong @ 2009-04-21 9:48 UTC (permalink / raw)
To: David Miller; +Cc: jon.lin, dada1, netdev, linux-kernel
...
>> Unfortunately, this address is used by Linux kernel. So kernel panics.
>> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
>>
>> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
>
>This patch does not apply, it was corrupted by your email client.
>
>I even think it has MS-DOS style newlines in it :-(
Another new patch :)
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA
buffer address. In this interval where RX was enabled and DMA buffer address is not yet set
up, any incoming broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled and everything is fine
even under broadcast packets attack.
Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
Signed-off-by: Amos Kong <jianjun@zeuux.org>
---
drivers/net/8139too.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/8139too.c b/drivers/net/8139too.c
index 29df398..1fc4543 100644
--- a/drivers/net/8139too.c
+++ b/drivers/net/8139too.c
@@ -1383,6 +1383,11 @@ static void rtl8139_hw_start (struct net_device *dev)
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+
+ /* init Rx ring buffer DMA address */
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1390,8 +1395,6 @@ static void rtl8139_hw_start (struct net_device *dev)
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1406,9 +1409,6 @@ static void rtl8139_hw_start (struct net_device *dev)
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] - tp->tx_bufs));
--
1.5.6.3
^ permalink raw reply related [flat|nested] 13+ messages in thread* RE: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-21 9:48 ` Amos Kong
@ 2009-04-21 10:09 ` jon.lin
2009-04-21 10:34 ` Eric Dumazet
2009-04-21 10:30 ` Eric Dumazet
1 sibling, 1 reply; 13+ messages in thread
From: jon.lin @ 2009-04-21 10:09 UTC (permalink / raw)
To: jianjun, davem; +Cc: dada1, netdev, linux-kernel
Dear Sirs,
I am so sorry for my clumsiness!
It is so embarrassed that I can't submit a valid patch...
Thank you all for your incredible patience.
I will try to use mail command in my Linux box to submit it again.
Sorry for these stupid failures.
Regards
Jonathan
-----Original Message-----
From: Amos Kong [mailto:jianjun@zeuux.org]
Sent: Tuesday, April 21, 2009 5:48 PM
To: David Miller
Cc: Jon.Lin(林宗德); dada1@cosmosbay.com; netdev@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
...
>> Unfortunately, this address is used by Linux kernel. So kernel panics.
>> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
>>
>> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
>
>This patch does not apply, it was corrupted by your email client.
>
>I even think it has MS-DOS style newlines in it :-(
Another new patch :)
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA
buffer address. In this interval where RX was enabled and DMA buffer address is not yet set
up, any incoming broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled and everything is fine
even under broadcast packets attack.
Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
Signed-off-by: Amos Kong <jianjun@zeuux.org>
---
drivers/net/8139too.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/8139too.c b/drivers/net/8139too.c
index 29df398..1fc4543 100644
--- a/drivers/net/8139too.c
+++ b/drivers/net/8139too.c
@@ -1383,6 +1383,11 @@ static void rtl8139_hw_start (struct net_device *dev)
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+
+ /* init Rx ring buffer DMA address */
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1390,8 +1395,6 @@ static void rtl8139_hw_start (struct net_device *dev)
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1406,9 +1409,6 @@ static void rtl8139_hw_start (struct net_device *dev)
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] - tp->tx_bufs));
--
1.5.6.3
^ permalink raw reply related [flat|nested] 13+ messages in thread* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-21 10:09 ` jon.lin
@ 2009-04-21 10:34 ` Eric Dumazet
0 siblings, 0 replies; 13+ messages in thread
From: Eric Dumazet @ 2009-04-21 10:34 UTC (permalink / raw)
To: jon.lin; +Cc: jianjun, davem, netdev, linux-kernel
jon.lin@vatics.com a e'crit :
> Dear Sirs,
>
> I am so sorry for my clumsiness!
> It is so embarrassed that I can't submit a valid patch...
> Thank you all for your incredible patience.
> I will try to use mail command in my Linux box to submit it again.
> Sorry for these stupid failures.
>
> Regards
> Jonathan
It happens :(
Next time you want to try, just send your patch to someone
(this could be you or me) that can check patch before you re-submit it to
the lists, this can avoid many iterations.
You did the hard work, finding and fixing the bug, dont forget it !
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-21 9:48 ` Amos Kong
2009-04-21 10:09 ` jon.lin
@ 2009-04-21 10:30 ` Eric Dumazet
2009-04-22 7:44 ` David Miller
1 sibling, 1 reply; 13+ messages in thread
From: Eric Dumazet @ 2009-04-21 10:30 UTC (permalink / raw)
To: Amos Kong; +Cc: David Miller, jon.lin, netdev, linux-kernel
Amos Kong a écrit :
> ...
>>> Unfortunately, this address is used by Linux kernel. So kernel panics.
>>> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
>>>
>>> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
>> This patch does not apply, it was corrupted by your email client.
>>
>> I even think it has MS-DOS style newlines in it :-(
>
> Another new patch :)
>
>
> While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
> In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA
> buffer address. In this interval where RX was enabled and DMA buffer address is not yet set
> up, any incoming broadcast packet would be send to a strange physical address:
> 0x003e8800 which is the default value of DMA buffer address.
> Unfortunately, this address is used by Linux kernel. So kernel panics.
> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine
> even under broadcast packets attack.
>
> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
> Signed-off-by: Amos Kong <jianjun@zeuux.org>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Thanks Amos and Jonathan
>
> ---
> drivers/net/8139too.c | 10 +++++-----
> 1 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/8139too.c b/drivers/net/8139too.c
> index 29df398..1fc4543 100644
> --- a/drivers/net/8139too.c
> +++ b/drivers/net/8139too.c
> @@ -1383,6 +1383,11 @@ static void rtl8139_hw_start (struct net_device *dev)
> RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
> RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
>
> + tp->cur_rx = 0;
> +
> + /* init Rx ring buffer DMA address */
> + RTL_W32_F (RxBuf, tp->rx_ring_dma);
> +
> /* Must enable Tx/Rx before setting transfer thresholds! */
> RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
>
> @@ -1390,8 +1395,6 @@ static void rtl8139_hw_start (struct net_device *dev)
> RTL_W32 (RxConfig, tp->rx_config);
> RTL_W32 (TxConfig, rtl8139_tx_config);
>
> - tp->cur_rx = 0;
> -
> rtl_check_media (dev, 1);
>
> if (tp->chipset >= CH_8139B) {
> @@ -1406,9 +1409,6 @@ static void rtl8139_hw_start (struct net_device *dev)
> /* Lock Config[01234] and BMCR register writes */
> RTL_W8 (Cfg9346, Cfg9346_Lock);
>
> - /* init Rx ring buffer DMA address */
> - RTL_W32_F (RxBuf, tp->rx_ring_dma);
> -
> /* init Tx buffer DMA addresses */
> for (i = 0; i < NUM_TX_DESC; i++)
> RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] - tp->tx_bufs));
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-21 10:30 ` Eric Dumazet
@ 2009-04-22 7:44 ` David Miller
0 siblings, 0 replies; 13+ messages in thread
From: David Miller @ 2009-04-22 7:44 UTC (permalink / raw)
To: dada1; +Cc: jianjun, jon.lin, netdev, linux-kernel
From: Eric Dumazet <dada1@cosmosbay.com>
Date: Tue, 21 Apr 2009 12:30:24 +0200
> Amos Kong a écrit :
>> ...
>> While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
>> In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA
>> buffer address. In this interval where RX was enabled and DMA buffer address is not yet set
>> up, any incoming broadcast packet would be send to a strange physical address:
>> 0x003e8800 which is the default value of DMA buffer address.
>> Unfortunately, this address is used by Linux kernel. So kernel panics.
>> This patch fix it by setting up DMA buffer address before RX enabled and everything is fine
>> even under broadcast packets attack.
>>
>> Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
>> Signed-off-by: Amos Kong <jianjun@zeuux.org>
>
> Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
>
> Thanks Amos and Jonathan
Applied, thanks everyone.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 2.6.29.1 1/1]8139too:fix HW initial flow
@ 2009-04-21 10:13 User Tzungder
0 siblings, 0 replies; 13+ messages in thread
From: User Tzungder @ 2009-04-21 10:13 UTC (permalink / raw)
To: davem; +Cc: dada1, jon.lin, linux-kernel, netdev, tzungder
From:Jonathan Lin <jon.lin@vatics.com>
While ifconfig eth0 up kernel call open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before setting up the DMA buffer address. In this interval where RX was enabled and DMA buffer address is not yet set up, any incoming broadcast packet would be send to a strange physical address: 0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled and everything is fine even under broadcast packets attack.
Signed-off-by:Jonathan Lin <jon.lin@vatics.com>
--- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-20 20:46:21.000000000 +0800
+++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-20 20:58:39.000000000 +0800
@@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+ /* init Rx ring buffer DMA address BEFORE Rx enabled*/
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1389,8 +1393,6 @@ static void rtl8139_hw_start (struct net
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1405,9 +1407,6 @@ static void rtl8139_hw_start (struct net
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] - tp->tx_bufs));
^ permalink raw reply [flat|nested] 13+ messages in thread* [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
@ 2009-04-19 10:16 Tzungder Lin
2009-04-19 11:22 ` Eric Dumazet
2009-04-20 1:54 ` Tzungder Lin
0 siblings, 2 replies; 13+ messages in thread
From: Tzungder Lin @ 2009-04-19 10:16 UTC (permalink / raw)
To: Eric Dumazet; +Cc: netdev, davem, linux-kernel
From: Jonathan Lin <jon.lin@vatics.com, tzungder@gmail.com>
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
setting up the DMA buffer address. In this interval where RX was
enabled and DMA buffer address is not yet set up, any incoming
broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled
and everything is fine even under broadcast packets attack.
Signed-off-by: Jonathan Lin <jon.lin@vatics.com, tzungder@gmail.com>
---
--- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-19
17:50:38.000000000 +0800
+++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-19 17:52:51.000000000 +0800
@@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+ /* init Rx ring buffer DMA address BEFORE Rx enabled*/
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1389,8 +1393,6 @@ static void rtl8139_hw_start (struct net
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1405,9 +1407,6 @@ static void rtl8139_hw_start (struct net
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] -
tp->tx_bufs));
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-19 10:16 [PATCH 2.6.29.1 1/1] 8139too: fix " Tzungder Lin
@ 2009-04-19 11:22 ` Eric Dumazet
2009-04-20 1:54 ` Tzungder Lin
1 sibling, 0 replies; 13+ messages in thread
From: Eric Dumazet @ 2009-04-19 11:22 UTC (permalink / raw)
To: Tzungder Lin; +Cc: netdev, davem, linux-kernel
Tzungder Lin a écrit :
> From: Jonathan Lin <jon.lin@vatics.com, tzungder@gmail.com>
>
> While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
> In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
> setting up the DMA buffer address. In this interval where RX was
> enabled and DMA buffer address is not yet set up, any incoming
> broadcast packet would be send to a strange physical address:
> 0x003e8800 which is the default value of DMA buffer address.
> Unfortunately, this address is used by Linux kernel. So kernel panics.
> This patch fix it by setting up DMA buffer address before RX enabled
> and everything is fine even under broadcast packets attack.
>
> Signed-off-by: Jonathan Lin <jon.lin@vatics.com, tzungder@gmail.com>
>
> ---
>
> --- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-19
> 17:50:38.000000000 +0800
> +++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-19 17:52:51.000000000 +0800
> @@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
> RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
> RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
>
> + tp->cur_rx = 0;
> + /* init Rx ring buffer DMA address BEFORE Rx enabled*/
> + RTL_W32_F (RxBuf, tp->rx_ring_dma);
> +
> /* Must enable Tx/Rx before setting transfer thresholds! */
> RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
>
> @@ -1389,8 +1393,6 @@ static void rtl8139_hw_start (struct net
> RTL_W32 (RxConfig, tp->rx_config);
> RTL_W32 (TxConfig, rtl8139_tx_config);
>
> - tp->cur_rx = 0;
> -
> rtl_check_media (dev, 1);
>
> if (tp->chipset >= CH_8139B) {
> @@ -1405,9 +1407,6 @@ static void rtl8139_hw_start (struct net
> /* Lock Config[01234] and BMCR register writes */
> RTL_W8 (Cfg9346, Cfg9346_Lock);
>
> - /* init Rx ring buffer DMA address */
> - RTL_W32_F (RxBuf, tp->rx_ring_dma);
> -
> /* init Tx buffer DMA addresses */
> for (i = 0; i < NUM_TX_DESC; i++)
> RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] -
> tp->tx_bufs));
> --
Hi Jonathan
There are at least two small problems on this patch submission.
1) Please chose one of email address for Signoff line, not two :)
For example : Signed-off-by: Jonathan Lin <tzungder@gmail.com>
You'll be soon flooded by spams, so dont ease spamers life :)
2) Try to find out why your email got two lines wrapped
You can read Documentation/email-clients.txt if you want extensive documentation.
You can also test this by sending your 'patch' to yourself and check if
no lines were wrapped before sending the 'official patch'
I dont want to bother you Jonathan, as it is pretty hard for a newcomer to learn
this things, but I feel that you might find other bugs in linux kernel, so this
learning is likely a good investment, both for you and others.
Thanks
^ permalink raw reply [flat|nested] 13+ messages in thread* [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-19 10:16 [PATCH 2.6.29.1 1/1] 8139too: fix " Tzungder Lin
2009-04-19 11:22 ` Eric Dumazet
@ 2009-04-20 1:54 ` Tzungder Lin
2009-04-20 10:14 ` David Miller
1 sibling, 1 reply; 13+ messages in thread
From: Tzungder Lin @ 2009-04-20 1:54 UTC (permalink / raw)
To: Eric Dumazet; +Cc: netdev, davem, linux-kernel
From: Jonathan Lin <tzungder@gmail.com>
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
setting up the DMA buffer address. In this interval where RX was
enabled and DMA buffer address is not yet set up, any incoming
broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled
and everything is fine even under broadcast packets attack.
Signed-off-by: Jonathan Lin <tzungder@gmail.com>
--- linux-2.6.29.1/drivers/net/8139too.c.orig 2009-04-19
17:50:38.000000000 +0800
+++ linux-2.6.29.1/drivers/net/8139too.c 2009-04-19
17:52:51.000000000 +0800
@@ -1382,6 +1382,10 @@ static void rtl8139_hw_start (struct net
RTL_W32_F (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
RTL_W32_F (MAC0 + 4, le16_to_cpu (*(__le16 *) (dev->dev_addr + 4)));
+ tp->cur_rx = 0;
+ /* init Rx ring buffer DMA address BEFORE Rx enabled*/
+ RTL_W32_F (RxBuf, tp->rx_ring_dma);
+
/* Must enable Tx/Rx before setting transfer thresholds! */
RTL_W8 (ChipCmd, CmdRxEnb | CmdTxEnb);
@@ -1389,8 +1393,6 @@ static void rtl8139_hw_start (struct net
RTL_W32 (RxConfig, tp->rx_config);
RTL_W32 (TxConfig, rtl8139_tx_config);
- tp->cur_rx = 0;
-
rtl_check_media (dev, 1);
if (tp->chipset >= CH_8139B) {
@@ -1405,9 +1407,6 @@ static void rtl8139_hw_start (struct net
/* Lock Config[01234] and BMCR register writes */
RTL_W8 (Cfg9346, Cfg9346_Lock);
- /* init Rx ring buffer DMA address */
- RTL_W32_F (RxBuf, tp->rx_ring_dma);
-
/* init Tx buffer DMA addresses */
for (i = 0; i < NUM_TX_DESC; i++)
RTL_W32_F (TxAddr0 + (i * 4), tp->tx_bufs_dma + (tp->tx_buf[i] -
tp->tx_bufs));
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow
2009-04-20 1:54 ` Tzungder Lin
@ 2009-04-20 10:14 ` David Miller
0 siblings, 0 replies; 13+ messages in thread
From: David Miller @ 2009-04-20 10:14 UTC (permalink / raw)
To: tzungder; +Cc: dada1, netdev, linux-kernel
From: Tzungder Lin <tzungder@gmail.com>
Date: Mon, 20 Apr 2009 09:54:10 +0800
> From: Jonathan Lin <tzungder@gmail.com>
>
> While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
> In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
> setting up the DMA buffer address. In this interval where RX was
> enabled and DMA buffer address is not yet set up, any incoming
> broadcast packet would be send to a strange physical address:
> 0x003e8800 which is the default value of DMA buffer address.
> Unfortunately, this address is used by Linux kernel. So kernel panics.
> This patch fix it by setting up DMA buffer address before RX enabled
> and everything is fine even under broadcast packets attack.
>
> Signed-off-by: Jonathan Lin <tzungder@gmail.com>
Your email client corrupted this patch, breaking up long lines
and substituting tabs with space characters among other things.
Please fix this up and resubmit.
I would suggest trying to send the patch to yourself and then trying
to apply what arrives in your inbox, just as I would.
Thanks.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2009-04-22 7:44 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-20 12:58 [PATCH 2.6.29.1 1/1] 8139too: fix HW initial flow jon.lin
2009-04-20 13:28 ` Amos Kong
2009-04-21 8:52 ` David Miller
2009-04-21 9:48 ` Amos Kong
2009-04-21 10:09 ` jon.lin
2009-04-21 10:34 ` Eric Dumazet
2009-04-21 10:30 ` Eric Dumazet
2009-04-22 7:44 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2009-04-21 10:13 [PATCH 2.6.29.1 1/1]8139too:fix " User Tzungder
2009-04-19 10:16 [PATCH 2.6.29.1 1/1] 8139too: fix " Tzungder Lin
2009-04-19 11:22 ` Eric Dumazet
2009-04-20 1:54 ` Tzungder Lin
2009-04-20 10:14 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).