From patchwork Wed Aug 14 21:31:25 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Wu X-Patchwork-Id: 267205 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CF20F2C0210 for ; Thu, 15 Aug 2013 07:31:33 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933263Ab3HNVba (ORCPT ); Wed, 14 Aug 2013 17:31:30 -0400 Received: from mail-wi0-f179.google.com ([209.85.212.179]:54005 "EHLO mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933097Ab3HNVb3 (ORCPT ); Wed, 14 Aug 2013 17:31:29 -0400 Received: by mail-wi0-f179.google.com with SMTP id hr7so2497813wib.12 for ; Wed, 14 Aug 2013 14:31:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:user-agent:in-reply-to :references:mime-version:content-transfer-encoding:content-type; bh=K8k2Hxu3HSTpvJgzgZo3LieNPUVwnEUYiBjJ0FKZHtg=; b=DqzUTBNfDxiAREH+FlmUnu17aOQnlT5ZeBMfDX80QZNoRfNLOHlpS2JJs1yA38lJi4 Kz8ukDJRDHcCSN5Vxtkg3CHrWGpNJO+qj+oSjV0PmeuHlNOmDmAB4KWAMoTiSfpF/75i jthW+DvG1knqsdJKofjpkI1E/fosw4qEJDYaCZaNOCIfKlrjzy3jkSeRbKYwIAMFRDSz ZxymZwYyYnM4mGm3vMuPP62Fch1JTXOHKoVooz5bkFjCRXS2MYIiEoBuCRAhKgKbB0P4 005wGEdML8Z5LvdlTIjeC9iKWZioh4D0XtHazK6HodE7z6d3kIM2aJe+upcEEXfjiFB7 G6ew== X-Received: by 10.195.18.39 with SMTP id gj7mr62397wjd.53.1376515888643; Wed, 14 Aug 2013 14:31:28 -0700 (PDT) Received: from al.localnet (al.lekensteyn.nl. [2001:470:1f15:b83::c0d1:f1ed]) by mx.google.com with ESMTPSA id nb12sm5274511wic.3.2013.08.14.14.31.26 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 14 Aug 2013 14:31:27 -0700 (PDT) From: Peter Wu To: Francois Romieu Cc: netdev@vger.kernel.org, nic_swsd@realtek.com Subject: Re: [PATCH] r8169: fix invalid register dump Date: Wed, 14 Aug 2013 23:31:25 +0200 Message-ID: <2045708.ru9COLib4d@al> User-Agent: KMail/4.10.5 (Linux/3.11.0-1-custom; KDE/4.10.5; x86_64; ; ) In-Reply-To: <20130814195829.GA1613@electric-eye.fr.zoreil.com> References: <1376426265-30353-1-git-send-email-lekensteyn@gmail.com> <3465288.NFVErF5E7l@al> <20130814195829.GA1613@electric-eye.fr.zoreil.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Wednesday 14 August 2013 21:58:29 Francois Romieu wrote: > > - memcpy_fromio(p, tp->mmio_addr, regs->len); > > + if (regs->len >= 4) { > > + for (i = 0; i < regs->len - 4; i += 4) > > + memcpy_fromio(bytes + i, tp->mmio_addr + i, 4); > > + } > > + if (i < regs->len) > > Comparison with random stack stuff when regs->len < 4. :o/ Right, let's rm $OLD_PATCH and consider this one. Checklist: 1. super large regs->len: won't be greater than R8169_REGS_SIZE (256) 2. regs->len == 0: 0 < 0 is false, nothing is copied 3. regs->len is 1, 2 or 3: i = 0, at most 3 bytes will be copied 4. regs->len is 4, i < 4 - 4, skip loop, 0 < regs->len, copy 4 5. regs->len is 5, i < 5 - 4, copy; 4 < regs->len, copy 1 With this I can now say with confidence that I haven't overlooked something related to integer overflow. You have a very sharp eye, thanks for catching my mistakes. Regards, Peter --- From: Peter Wu For some reason, my PCIe RTL8111E onboard NIC on a GA-Z68X-UD3H-B3 motherboard reads as FFs when reading from MMIO with a block size larger than 7. Therefore change to reading blocks of four bytes. Signed-off-by: Peter Wu --- drivers/net/ethernet/realtek/r8169.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c index b5eb419..19524c0 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -1897,12 +1897,19 @@ static void rtl8169_get_regs(struct net_device *dev, struct ethtool_regs *regs, void *p) { struct rtl8169_private *tp = netdev_priv(dev); + char *bytes = p; + int i = 0; if (regs->len > R8169_REGS_SIZE) regs->len = R8169_REGS_SIZE; rtl_lock_work(tp); - memcpy_fromio(p, tp->mmio_addr, regs->len); + if (regs->len >= 4) { + for (; i < regs->len - 4; i += 4) + memcpy_fromio(bytes + i, tp->mmio_addr + i, 4); + } + if (i < regs->len) + memcpy_fromio(bytes + i, tp->mmio_addr + i, regs->len - i); rtl_unlock_work(tp); }