Patchwork [Bugme-new,Bug,38102] New: BUG kmalloc-2048: Poison overwritten

login
register
mail settings
Submitter Eric Dumazet
Date July 7, 2011, 9:20 a.m.
Message ID <1310030439.2127.4.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>
Download mbox | patch
Permalink /patch/103623/
State RFC
Delegated to: David Miller
Headers show

Comments

Eric Dumazet - July 7, 2011, 9:20 a.m.
Le jeudi 07 juillet 2011 à 11:45 +0400, Alexey Zaytsev a écrit :
> On Thu, Jul 7, 2011 at 10:48, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > Le jeudi 07 juillet 2011 à 10:32 +0400, Alexey Zaytsev a écrit :
> >> Sorry, been busy for the last couple days. Any patches I should test?
> >
> > Please try :
> >
> 
> Thanks. Seems to fail to initialize, getting this in dmesg:
> 
> [  103.421577] b44 0000:02:0e.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
> [  103.440139] ssb: Core 0 found: Fast Ethernet (cc 0x806, rev 0x07,
> vendor 0x4243)
> [  103.440159] ssb: Core 1 found: V90 (cc 0x807, rev 0x03, vendor 0x4243)
> [  103.440177] ssb: Core 2 found: PCI (cc 0x804, rev 0x0A, vendor 0x4243)
> [  103.481128] ssb: Sonics Silicon Backplane found on PCI device 0000:02:0e.0
> [  103.481532] b44: b44.c:v2.0
> [  103.502185] b44 ssb1:0: eth0: Broadcom 44xx/47xx 10/100BaseT
> Ethernet 00:17:a4:dd:4e:93
> [  109.405071] b44 ssb1:0: eth0: powering down PHY
> [  112.816456] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
> [  112.816470] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
> [  112.952073] b44 ssb1:0: eth0: powering down PHY
> [  113.816148] b44 ssb1:0: eth0: Link is down
> [  114.953717] b44 ssb1:0: eth0: powering down PHY
> [  117.816246] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
> [  117.816260] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
> [  117.963238] b44 ssb1:0: eth0: powering down PHY
> [  118.816128] b44 ssb1:0: eth0: Link is down
> [  119.962817] b44 ssb1:0: eth0: powering down PHY

Maybe this is the b44_init_hw() change :

bw32(bp, B44_DMARX_PTR, 0);

So please change this part 

Updated patch :



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Alexey Zaytsev - July 7, 2011, 9:34 a.m.
On Thu, Jul 7, 2011 at 13:20, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le jeudi 07 juillet 2011 à 11:45 +0400, Alexey Zaytsev a écrit :
>> On Thu, Jul 7, 2011 at 10:48, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> > Le jeudi 07 juillet 2011 à 10:32 +0400, Alexey Zaytsev a écrit :
>> >> Sorry, been busy for the last couple days. Any patches I should test?
>> >
>> > Please try :
>> >
>>
>> Thanks. Seems to fail to initialize, getting this in dmesg:
>>
>> [  103.421577] b44 0000:02:0e.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
>> [  103.440139] ssb: Core 0 found: Fast Ethernet (cc 0x806, rev 0x07,
>> vendor 0x4243)
>> [  103.440159] ssb: Core 1 found: V90 (cc 0x807, rev 0x03, vendor 0x4243)
>> [  103.440177] ssb: Core 2 found: PCI (cc 0x804, rev 0x0A, vendor 0x4243)
>> [  103.481128] ssb: Sonics Silicon Backplane found on PCI device 0000:02:0e.0
>> [  103.481532] b44: b44.c:v2.0
>> [  103.502185] b44 ssb1:0: eth0: Broadcom 44xx/47xx 10/100BaseT
>> Ethernet 00:17:a4:dd:4e:93
>> [  109.405071] b44 ssb1:0: eth0: powering down PHY
>> [  112.816456] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>> [  112.816470] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>> [  112.952073] b44 ssb1:0: eth0: powering down PHY
>> [  113.816148] b44 ssb1:0: eth0: Link is down
>> [  114.953717] b44 ssb1:0: eth0: powering down PHY
>> [  117.816246] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>> [  117.816260] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>> [  117.963238] b44 ssb1:0: eth0: powering down PHY
>> [  118.816128] b44 ssb1:0: eth0: Link is down
>> [  119.962817] b44 ssb1:0: eth0: powering down PHY
>
> Maybe this is the b44_init_hw() change :
>
> bw32(bp, B44_DMARX_PTR, 0);
>
> So please change this part
>
> Updated patch :

Initializes fine now, but the transfer would stall every few seconds.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Alexey Zaytsev - July 7, 2011, 9:37 a.m.
On Thu, Jul 7, 2011 at 13:34, Alexey Zaytsev <alexey.zaytsev@gmail.com> wrote:
> On Thu, Jul 7, 2011 at 13:20, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> Le jeudi 07 juillet 2011 à 11:45 +0400, Alexey Zaytsev a écrit :
>>> On Thu, Jul 7, 2011 at 10:48, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>> > Le jeudi 07 juillet 2011 à 10:32 +0400, Alexey Zaytsev a écrit :
>>> >> Sorry, been busy for the last couple days. Any patches I should test?
>>> >
>>> > Please try :
>>> >
>>>
>>> Thanks. Seems to fail to initialize, getting this in dmesg:
>>>
>>> [  103.421577] b44 0000:02:0e.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
>>> [  103.440139] ssb: Core 0 found: Fast Ethernet (cc 0x806, rev 0x07,
>>> vendor 0x4243)
>>> [  103.440159] ssb: Core 1 found: V90 (cc 0x807, rev 0x03, vendor 0x4243)
>>> [  103.440177] ssb: Core 2 found: PCI (cc 0x804, rev 0x0A, vendor 0x4243)
>>> [  103.481128] ssb: Sonics Silicon Backplane found on PCI device 0000:02:0e.0
>>> [  103.481532] b44: b44.c:v2.0
>>> [  103.502185] b44 ssb1:0: eth0: Broadcom 44xx/47xx 10/100BaseT
>>> Ethernet 00:17:a4:dd:4e:93
>>> [  109.405071] b44 ssb1:0: eth0: powering down PHY
>>> [  112.816456] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>>> [  112.816470] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>>> [  112.952073] b44 ssb1:0: eth0: powering down PHY
>>> [  113.816148] b44 ssb1:0: eth0: Link is down
>>> [  114.953717] b44 ssb1:0: eth0: powering down PHY
>>> [  117.816246] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>>> [  117.816260] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>>> [  117.963238] b44 ssb1:0: eth0: powering down PHY
>>> [  118.816128] b44 ssb1:0: eth0: Link is down
>>> [  119.962817] b44 ssb1:0: eth0: powering down PHY
>>
>> Maybe this is the b44_init_hw() change :
>>
>> bw32(bp, B44_DMARX_PTR, 0);
>>
>> So please change this part
>>
>> Updated patch :
>
> Initializes fine now, but the transfer would stall every few seconds.
>
Err, wait a sec, patches the wrong version.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Alexey Zaytsev - July 7, 2011, 9:43 a.m.
On Thu, Jul 7, 2011 at 13:37, Alexey Zaytsev <alexey.zaytsev@gmail.com> wrote:
> On Thu, Jul 7, 2011 at 13:34, Alexey Zaytsev <alexey.zaytsev@gmail.com> wrote:
>> On Thu, Jul 7, 2011 at 13:20, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>> Le jeudi 07 juillet 2011 à 11:45 +0400, Alexey Zaytsev a écrit :
>>>> On Thu, Jul 7, 2011 at 10:48, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>>> > Le jeudi 07 juillet 2011 à 10:32 +0400, Alexey Zaytsev a écrit :
>>>> >> Sorry, been busy for the last couple days. Any patches I should test?
>>>> >
>>>> > Please try :
>>>> >
>>>>
>>>> Thanks. Seems to fail to initialize, getting this in dmesg:
>>>>
>>>> [  103.421577] b44 0000:02:0e.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
>>>> [  103.440139] ssb: Core 0 found: Fast Ethernet (cc 0x806, rev 0x07,
>>>> vendor 0x4243)
>>>> [  103.440159] ssb: Core 1 found: V90 (cc 0x807, rev 0x03, vendor 0x4243)
>>>> [  103.440177] ssb: Core 2 found: PCI (cc 0x804, rev 0x0A, vendor 0x4243)
>>>> [  103.481128] ssb: Sonics Silicon Backplane found on PCI device 0000:02:0e.0
>>>> [  103.481532] b44: b44.c:v2.0
>>>> [  103.502185] b44 ssb1:0: eth0: Broadcom 44xx/47xx 10/100BaseT
>>>> Ethernet 00:17:a4:dd:4e:93
>>>> [  109.405071] b44 ssb1:0: eth0: powering down PHY
>>>> [  112.816456] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>>>> [  112.816470] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>>>> [  112.952073] b44 ssb1:0: eth0: powering down PHY
>>>> [  113.816148] b44 ssb1:0: eth0: Link is down
>>>> [  114.953717] b44 ssb1:0: eth0: powering down PHY
>>>> [  117.816246] b44 ssb1:0: eth0: Link is up at 100 Mbps, full duplex
>>>> [  117.816260] b44 ssb1:0: eth0: Flow control is off for TX and off for RX
>>>> [  117.963238] b44 ssb1:0: eth0: powering down PHY
>>>> [  118.816128] b44 ssb1:0: eth0: Link is down
>>>> [  119.962817] b44 ssb1:0: eth0: powering down PHY
>>>
>>> Maybe this is the b44_init_hw() change :
>>>
>>> bw32(bp, B44_DMARX_PTR, 0);
>>>
>>> So please change this part
>>>
>>> Updated patch :
>>
>> Initializes fine now, but the transfer would stall every few seconds.
>>
> Err, wait a sec, patches the wrong version.
>
Ok, I've wrongly fixed this part in the clean b44.c, and got stalls.
Then fixed the patched one after applying the stash, and still got the
stalls.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Dumazet - July 7, 2011, 9:52 a.m.
Le jeudi 07 juillet 2011 à 13:43 +0400, Alexey Zaytsev a écrit :

> Ok, I've wrongly fixed this part in the clean b44.c, and got stalls.
> Then fixed the patched one after applying the stash, and still got the
> stalls.

So, filling NULL to 'should not be used slots' definitely removes the
memory corruption, but also stalls the NIC.

Driver model is completely wrong. Without full hardware specs, this will
be hard to guess appropriate fixes.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/net/b44.c b/drivers/net/b44.c
index 6c4ef96..555a8ce 100644
--- a/drivers/net/b44.c
+++ b/drivers/net/b44.c
@@ -688,8 +688,8 @@  static int b44_alloc_rx_skb(struct b44 *bp, int src_idx, u32 dest_idx_unmasked)
 		ctrl |= DESC_CTRL_EOT;
 
 	dp = &bp->rx_ring[dest_idx];
-	dp->ctrl = cpu_to_le32(ctrl);
 	dp->addr = cpu_to_le32((u32) mapping + bp->dma_offset);
+	dp->ctrl = cpu_to_le32(ctrl);
 
 	if (bp->flags & B44_FLAG_RX_RING_HACK)
 		b44_sync_dma_desc_for_device(bp->sdev, bp->rx_ring_dma,
@@ -725,13 +725,15 @@  static void b44_recycle_rx(struct b44 *bp, int src_idx, u32 dest_idx_unmasked)
 			                 DMA_BIDIRECTIONAL);
 
 	ctrl = src_desc->ctrl;
+	src_desc->ctrl = (ctrl & cpu_to_le32(DESC_CTRL_EOT));
 	if (dest_idx == (B44_RX_RING_SIZE - 1))
 		ctrl |= cpu_to_le32(DESC_CTRL_EOT);
 	else
 		ctrl &= cpu_to_le32(~DESC_CTRL_EOT);
 
-	dest_desc->ctrl = ctrl;
 	dest_desc->addr = src_desc->addr;
+	dest_desc->ctrl = ctrl;
+	src_desc->addr = 0;
 
 	src_map->skb = NULL;
 
@@ -1118,6 +1120,7 @@  static void b44_init_rings(struct b44 *bp)
 		if (b44_alloc_rx_skb(bp, -1, i) < 0)
 			break;
 	}
+	bp->rx_prod = i;
 }
 
 /*
@@ -1406,7 +1409,6 @@  static void b44_init_hw(struct b44 *bp, int reset_kind)
 		bw32(bp, B44_DMARX_ADDR, bp->rx_ring_dma + bp->dma_offset);
 
 		bw32(bp, B44_DMARX_PTR, bp->rx_pending);
-		bp->rx_prod = bp->rx_pending;
 
 		bw32(bp, B44_MIB_CTRL, MIB_CTRL_CLR_ON_READ);
 	}