From: Stephen Warren <swarren@wwwdotorg.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] netconsole: USB Ethernet connection dropping with ping or tftpboot
Date: Fri, 06 Feb 2015 11:06:55 -0700 [thread overview]
Message-ID: <54D502BF.7070401@wwwdotorg.org> (raw)
In-Reply-To: <1423184798.1232.63.camel@posteo.de>
On 02/05/2015 06:06 PM, J?rg Krause wrote:
> On Do, 2015-02-05 at 15:23 -0700, Stephen Warren wrote:
>>
>> b) In ci_bounce(), the bounce buffer is only allocated if the
>> user-buffer is already aligned, and if a large-enough bounce buffer
>> wasn't previously allocated. If ci_req->b_buf was uninitialized it could
>> be non-zero (thus preventing the expected aligned allocation) yet not
>> actually aligned enough.
>
> I can reproduce this issue now. After some "timeout sending packets to
> usb ethernet" messages, the bounce buffer somehow gets corrupted.
> ci_bounce() is called with an unaligned input buffer length
> 'req->length=66', but the bounce buffer length
> 'ci_req->b_len=1140305940' or in hex 'ci_req->b_len=0x43f7b014'. This
> bounce buffer length is obviously an address, as the following
> misaligned error message shows: "CACHE: Misaligned operation at range
> [43f7b010, 43f7b070]".
Ah, I hadn't realized that was [start, length] rather than [start, end].
The question is: How is ci_req->b_len getting corrupted? Is it simply
never initialized, or does something trash that value later?
ci_ep_alloc_request() appears to calloc() the whole struct ci_req, so I
imagine an initialization/allocating error isn't happening.
The only issue there might be some code somehow creating its own struct
usb_request instead of calling into the controller's ->alloc_request()
function. I vaguely recall fixing some of those, but might have missed
some in protocols that I didn't test (i.e. anything other than USB Mass
Storage or DFU, although I might have very briefly tested netconsole once?).
I would suggest adding a whole ton of printfs() to catch where ci_reqs
are being allocated, and where ci_req->b_len is getting written in which
ci_req objects, and then mapping that back to the ci_req that the cache
alignment error message complains about. Sorry, this will be a bit painful.
If the ci_req is always at the same address on different boots of the
code, that will make it easier, especially if you have a debugger with a
data watchpoint, or can write some code to use any data watchpoint
self-hosted debug capability in your CPU.
next prev parent reply other threads:[~2015-02-06 18:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-03 21:44 [U-Boot] netconsole: USB Ethernet connection dropping with ping or tftpboot Jörg Krause
2015-02-05 11:21 ` Jörg Krause
2015-02-05 15:33 ` Stephen Warren
2015-02-05 22:10 ` Jörg Krause
2015-02-05 22:23 ` Stephen Warren
2015-02-05 23:19 ` Jörg Krause
2015-02-06 1:06 ` Jörg Krause
2015-02-06 18:06 ` Stephen Warren [this message]
2015-02-08 21:25 ` Jörg Krause
2015-02-09 17:38 ` Stephen Warren
2015-02-11 22:08 ` Jörg Krause
2015-02-05 19:20 ` Joe Hershberger
2015-02-05 20:39 ` Jörg Krause
2015-02-05 20:48 ` Joe Hershberger
2015-02-05 22:28 ` Jörg Krause
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54D502BF.7070401@wwwdotorg.org \
--to=swarren@wwwdotorg.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox