From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HaeeE-0000YQ-EI for qemu-devel@nongnu.org; Sun, 08 Apr 2007 17:10:06 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HaeeD-0000XD-GT for qemu-devel@nongnu.org; Sun, 08 Apr 2007 17:10:05 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HaeeD-0000Wc-4F for qemu-devel@nongnu.org; Sun, 08 Apr 2007 17:10:05 -0400 Received: from moutng.kundenserver.de ([212.227.126.179]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1HaeaR-0000bC-Tv for qemu-devel@nongnu.org; Sun, 08 Apr 2007 17:06:12 -0400 Message-ID: <4619593E.60201@mail.berlios.de> Date: Sun, 08 Apr 2007 23:06:06 +0200 From: Stefan Weil MIME-Version: 1.0 Subject: Re: [Qemu-devel] [Patch] eepro100 issues References: <20070405203415.GA24847@saturn.kn-bremen.de> In-Reply-To: <20070405203415.GA24847@saturn.kn-bremen.de> Content-Type: multipart/mixed; boundary="------------060509060503010105010309" Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org This is a multi-part message in MIME format. --------------060509060503010105010309 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit The crashs are caused by transmit descriptors with packet sizes larger than the buffer which is defined in the driver. Using netperf or rsync will always result in a buffer overflow and crash QEMU with the current eepro100 driver. Up to now I could not find the reason for these large packet sizes. My patch now just ignores data which does not fit in a normal frame. Netperf and rsync no longer crash when the patch is applied. Stefan Juergen Lock schrieb: > Hi again! > > I also played with the new eepro100 nic and found these things: > > 1. i82557b seem to work with > http://debian.tu-bs.de/project/sidux/release/SIDUX-2007-01-200702210759-CHAOS.ISO > (see > http://www.sidux.com/Article116.html > , it is based on debian sid), but > > 2. i82551 and i82559er with the same livecd sooner or later will cause > qemu to crash like this with no backtrace available: --------------060509060503010105010309 Content-Type: text/x-diff; name="eepro100.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="eepro100.patch" --- ../branches/head/hw/eepro100.c 2007-04-07 22:53:04.000000000 +0200 +++ hw/eepro100.c 2007-04-08 22:43:13.000000000 +0200 @@ -729,6 +729,7 @@ logout ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n", tx_buffer_address, tx_buffer_size); + assert(size + tx_buffer_size <= sizeof(buf)); cpu_physical_memory_read(tx_buffer_address, &buf[size], tx_buffer_size); size += tx_buffer_size; @@ -749,9 +750,13 @@ logout ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n", tx_buffer_address, tx_buffer_size); - cpu_physical_memory_read(tx_buffer_address, &buf[size], - tx_buffer_size); - size += tx_buffer_size; + if (size + tx_buffer_size > sizeof(buf)) { + logout("bad extended TCB with size 0x%04x\n", tx_buffer_size); + } else { + cpu_physical_memory_read(tx_buffer_address, &buf[size], + tx_buffer_size); + size += tx_buffer_size; + } if (tx_buffer_el & 1) { break; } @@ -766,14 +771,20 @@ logout ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n", tx_buffer_address, tx_buffer_size); - cpu_physical_memory_read(tx_buffer_address, &buf[size], - tx_buffer_size); - size += tx_buffer_size; + if (size + tx_buffer_size > sizeof(buf)) { + logout("bad flexible TCB with size 0x%04x\n", tx_buffer_size); + } else { + cpu_physical_memory_read(tx_buffer_address, &buf[size], + tx_buffer_size); + size += tx_buffer_size; + } if (tx_buffer_el & 1) { break; } } } + logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size)); + assert(size <= sizeof(buf)); qemu_send_packet(s->vc, buf, size); s->statistics.tx_good_frames++; /* Transmit with bad status would raise an CX/TNO interrupt. --------------060509060503010105010309--