On Sat, 24 Dec 2005, Manfred Spraul wrote:
>
> Two critical bugs were found in forcedeth 0.47:
> - TSO doesn't work.
> - pci_map_single() for the rx buffers is called with size==0. This bug is
> critical, it causes random memory corruptions on systems with an iommu.
Good catch. Btw, should we perhaps disallow (or at least WARN_ON())
pci_map_single() with a length of zero? I think it's always likely a bug..
However, that
"skb->end - skb->data"
calculation is a bit strange. It correctly maps the whole skb, but
wouldn't it make more sense to use the length we actually tell the card to
use?
In other words, wouldn't it be a whole lot more sensible and logical to
use
np->rx_buf_sz
instead? That's the value we use for allocation and that's the size we
tell the card we have.
Of course, on the alloc path, it seems to add an additional
"NV_RX_ALLOC_PAD" thing, so maybe the "end-data" thing makes sense.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]