From owner-freebsd-net@FreeBSD.ORG Fri Oct 7 08:07:54 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9801C16A41F; Fri, 7 Oct 2005 08:07:54 +0000 (GMT) (envelope-from jura@networks.ru) Received: from networks.ru (orange.networks.ru [80.249.138.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C7CC43D48; Fri, 7 Oct 2005 08:07:53 +0000 (GMT) (envelope-from jura@networks.ru) Received: from [81.195.67.217] (HELO Jura) by networks.ru (CommuniGate Pro SMTP 4.3.8) with ESMTPS id 1987193; Fri, 07 Oct 2005 12:07:51 +0400 Message-ID: <092e01c5cb15$f7fe5840$6504010a@Jura> From: "Yuriy N. Shkandybin" To: Date: Fri, 7 Oct 2005 12:06:05 +0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_092B_01C5CB37.7E6C8C50" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Cc: jhb@freebsd.org Subject: if_nge & if_lge drivers X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2005 08:07:54 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_092B_01C5CB37.7E6C8C50 Content-Type: text/plain; format=flowed; charset="koi8-r"; reply-type=original Content-Transfer-Encoding: 7bit Hello. I saw John Baldwin commit to if_lge.c rev 1.43 and perform same changes for if_nge.c I've tested it and it works. Patch in attachment or available from http://www.netams.com/if_nge.c.patch Also i've noticed if_lge affected same problem i've met nge. In if_lgereg.h we have struct lge_list_data { struct lge_rx_desc lge_rx_list[LGE_RX_LIST_CNT]; struct lge_tx_desc lge_tx_list[LGE_TX_LIST_CNT]; }; In if_lge.c 524: sc->lge_ldata = contigmalloc(sizeof(struct lge_list_data), M_DEVBUF, M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0); So lge_rx_list and lge_tx_list might be initialized with garbage in it. But in lge_stop() there is: /* * Free data in the RX lists. */ for (i = 0; i < LGE_RX_LIST_CNT; i++) { if (sc->lge_ldata->lge_rx_list[i].lge_mbuf != NULL) { m_freem(sc->lge_ldata->lge_rx_list[i].lge_mbuf); sc->lge_ldata->lge_rx_list[i].lge_mbuf = NULL; } } And lge_stop() called from lge_init() (if_lge.c line 1242) So m_freem() called on garbage from lge_rx_list! I suggest to add M_ZERO to contigmalloc() flags for both if_nge.c and if_lge.c Jura ------=_NextPart_000_092B_01C5CB37.7E6C8C50 Content-Type: application/octet-stream; name="if_nge.c.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="if_nge.c.patch" --- if_nge.c.orig Fri Oct 7 10:51:29 2005=0A= +++ if_nge.c Fri Oct 7 11:49:09 2005=0A= @@ -742,7 +742,7 @@=0A= }=0A= =0A= if (i =3D=3D NGE_TIMEOUT)=0A= - printf("nge%d: reset never completed\n", sc->nge_unit);=0A= + if_printf(sc->nge_ifp, "reset never completed\n");=0A= =0A= /* Wait a little while for the chip to get its brains in order. */=0A= DELAY(1000);=0A= @@ -791,13 +791,10 @@=0A= {=0A= u_char eaddr[ETHER_ADDR_LEN];=0A= struct nge_softc *sc;=0A= - struct ifnet *ifp;=0A= - int unit, error =3D 0, rid;=0A= - const char *sep =3D "";=0A= + struct ifnet *ifp=3DNULL;=0A= + int error =3D 0, rid;=0A= =0A= sc =3D device_get_softc(dev);=0A= - unit =3D device_get_unit(dev);=0A= - bzero(sc, sizeof(struct nge_softc));=0A= =0A= NGE_LOCK_INIT(sc, device_get_nameunit(dev));=0A= /*=0A= @@ -809,7 +806,7 @@=0A= sc->nge_res =3D bus_alloc_resource_any(dev, NGE_RES, &rid, RF_ACTIVE);=0A= =0A= if (sc->nge_res =3D=3D NULL) {=0A= - printf("nge%d: couldn't map ports/memory\n", unit);=0A= + device_printf(dev, "couldn't map ports/memory\n");=0A= error =3D ENXIO;=0A= goto fail;=0A= }=0A= @@ -823,11 +820,20 @@=0A= RF_SHAREABLE | RF_ACTIVE);=0A= =0A= if (sc->nge_irq =3D=3D NULL) {=0A= - printf("nge%d: couldn't map interrupt\n", unit);=0A= - bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);=0A= + device_printf(dev, "couldn't map interrupt\n");=0A= error =3D ENXIO;=0A= goto fail;=0A= }=0A= + =0A= + /*=0A= + * Hookup IRQ last.=0A= + */=0A= + error =3D bus_setup_intr(dev, sc->nge_irq, INTR_TYPE_NET | INTR_MPSAFE,=0A= + nge_intr, sc, &sc->nge_intrhand);=0A= + if (error) {=0A= + device_printf(dev, "couldn't set up irq\n");=0A= + goto fail;=0A= + }=0A= =0A= /* Reset the adapter. */=0A= nge_reset(sc);=0A= @@ -839,25 +845,19 @@=0A= nge_read_eeprom(sc, (caddr_t)&eaddr[2], NGE_EE_NODEADDR + 1, 1, 0);=0A= nge_read_eeprom(sc, (caddr_t)&eaddr[0], NGE_EE_NODEADDR + 2, 1, 0);=0A= =0A= - sc->nge_unit =3D unit;=0A= -=0A= /* XXX: leaked on error */=0A= sc->nge_ldata =3D contigmalloc(sizeof(struct nge_list_data), M_DEVBUF,=0A= - M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0);=0A= + M_NOWAIT|M_ZERO, 0, 0xffffffff, PAGE_SIZE, 0);=0A= =0A= if (sc->nge_ldata =3D=3D NULL) {=0A= - printf("nge%d: no memory for list buffers!\n", unit);=0A= - bus_release_resource(dev, SYS_RES_IRQ, 0, sc->nge_irq);=0A= - bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);=0A= + device_printf(dev, "no memory for list buffers!\n");=0A= error =3D ENXIO;=0A= goto fail;=0A= }=0A= =0A= ifp =3D sc->nge_ifp =3D if_alloc(IFT_ETHER);=0A= if (ifp =3D=3D NULL) {=0A= - printf("nge%d: can not if_alloc()\n", unit);=0A= - bus_release_resource(dev, SYS_RES_IRQ, 0, sc->nge_irq);=0A= - bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);=0A= + device_printf(dev, "can not if_alloc()\n");=0A= error =3D ENOSPC;=0A= goto fail;=0A= }=0A= @@ -893,19 +893,13 @@=0A= ifmedia_init(&sc->nge_ifmedia, 0, nge_ifmedia_upd, =0A= nge_ifmedia_sts);=0A= #define ADD(m, c) ifmedia_add(&sc->nge_ifmedia, (m), (c), NULL)=0A= -#define PRINT(s) printf("%s%s", sep, s); sep =3D ", "=0A= ADD(IFM_MAKEWORD(IFM_ETHER, IFM_NONE, 0, 0), 0);=0A= - device_printf(dev, " ");=0A= ADD(IFM_MAKEWORD(IFM_ETHER, IFM_1000_SX, 0, 0), 0);=0A= - PRINT("1000baseSX");=0A= ADD(IFM_MAKEWORD(IFM_ETHER, IFM_1000_SX, IFM_FDX, 0),0);=0A= - PRINT("1000baseSX-FDX");=0A= ADD(IFM_MAKEWORD(IFM_ETHER, IFM_AUTO, 0, 0), 0);=0A= - PRINT("auto");=0A= - =0A= - printf("\n");=0A= #undef ADD=0A= -#undef PRINT=0A= + device_printf(dev, " 1000baseSX, 1000baseSX-FDX, auto\n");=0A= + =0A= ifmedia_set(&sc->nge_ifmedia, =0A= IFM_MAKEWORD(IFM_ETHER, IFM_AUTO, 0, 0));=0A= =0A= @@ -916,11 +910,7 @@=0A= | NGE_GPIO_GP3_IN | NGE_GPIO_GP4_IN);=0A= =0A= } else {=0A= - printf("nge%d: MII without any PHY!\n", sc->nge_unit);=0A= - if_free(ifp);=0A= - bus_release_resource(dev, SYS_RES_IRQ, 0, sc->nge_irq);=0A= - bus_release_resource(dev, NGE_RES, NGE_RID, =0A= - sc->nge_res);=0A= + device_printf(dev, "MII without any PHY!\n");=0A= error =3D ENXIO;=0A= goto fail;=0A= }=0A= @@ -931,24 +921,21 @@=0A= */=0A= ether_ifattach(ifp, eaddr);=0A= callout_init(&sc->nge_stat_ch, CALLOUT_MPSAFE);=0A= + return (0);=0A= =0A= - /*=0A= - * Hookup IRQ last.=0A= - */=0A= - error =3D bus_setup_intr(dev, sc->nge_irq, INTR_TYPE_NET | INTR_MPSAFE,=0A= - nge_intr, sc, &sc->nge_intrhand);=0A= - if (error) {=0A= - /* XXX: resource leaks */=0A= +fail:=0A= + if (sc->nge_ldata)=0A= + contigfree(sc->nge_ldata,=0A= + sizeof(struct nge_list_data), M_DEVBUF);=0A= + if (ifp)=0A= if_free(ifp);=0A= + if (sc->nge_intrhand)=0A= + bus_teardown_intr(dev, sc->nge_irq, sc->nge_intrhand);=0A= + if (sc->nge_irq)=0A= bus_release_resource(dev, SYS_RES_IRQ, 0, sc->nge_irq);=0A= + if (sc->nge_res)=0A= bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);=0A= - printf("nge%d: couldn't set up irq\n", unit);=0A= - }=0A= -=0A= -fail:=0A= -=0A= - if (error)=0A= - NGE_LOCK_DESTROY(sc);=0A= + NGE_LOCK_DESTROY(sc);=0A= return(error);=0A= }=0A= =0A= @@ -1345,8 +1332,8 @@=0A= if (CSR_READ_4(sc, NGE_TBI_BMSR) =0A= & NGE_TBIBMSR_ANEG_DONE) {=0A= if (bootverbose)=0A= - printf("nge%d: gigabit link up\n",=0A= - sc->nge_unit);=0A= + if_printf(sc->nge_ifp, =0A= + "gigabit link up\n");=0A= nge_miibus_statchg(sc->nge_miibus);=0A= sc->nge_link++;=0A= if (ifp->if_snd.ifq_head !=3D NULL)=0A= @@ -1363,8 +1350,8 @@=0A= sc->nge_link++;=0A= if (IFM_SUBTYPE(mii->mii_media_active) =0A= =3D=3D IFM_1000_T && bootverbose)=0A= - printf("nge%d: gigabit link up\n",=0A= - sc->nge_unit);=0A= + if_printf(sc->nge_ifp, =0A= + "gigabit link up\n");=0A= if (ifp->if_snd.ifq_head !=3D NULL)=0A= nge_start_locked(ifp);=0A= }=0A= @@ -1682,6 +1669,7 @@=0A= * Cancel pending I/O and free all RX/TX buffers.=0A= */=0A= nge_stop(sc);=0A= + nge_reset(sc);=0A= =0A= if (sc->nge_tbi) {=0A= mii =3D NULL;=0A= @@ -1702,8 +1690,8 @@=0A= =0A= /* Init circular RX list. */=0A= if (nge_list_rx_init(sc) =3D=3D ENOBUFS) {=0A= - printf("nge%d: initialization failed: no "=0A= - "memory for rx buffers\n", sc->nge_unit);=0A= + if_printf(sc->nge_ifp, "initialization failed: no "=0A= + "memory for rx buffers\n");=0A= nge_stop(sc);=0A= return;=0A= }=0A= @@ -2086,7 +2074,7 @@=0A= sc =3D ifp->if_softc;=0A= =0A= ifp->if_oerrors++;=0A= - printf("nge%d: watchdog timeout\n", sc->nge_unit);=0A= + if_printf(sc->nge_ifp, "watchdog timeout\n");=0A= =0A= NGE_LOCK(sc);=0A= nge_stop(sc);=0A= ------=_NextPart_000_092B_01C5CB37.7E6C8C50--