[realtek] Bug in rtl8129_rx() & other problems

Stephan Brauss sbrauss@optronic.ch
Tue Apr 16 10:41:02 2002

Hi all!

I think I have found a bug in rtl8129_rx(): It is possible that dev_alloc_skb()
is called with a negative argument, which causes my machine to crash.
My system runs a heavy rtlinux task that uses about 90% CPU time.
Therefore, network interrupts are no longer handled so quickly.

Anyway, after many hours of debugging, I have changed the code as follows:

                } else {
                        /* Malloc up new buffer, compatible with net-2e. */
                        /* Omit the four octet CRC from the length. */
                        struct sk_buff *skb;
                        int pkt_size = rx_size - 4;

+                       if(pkt_size<0)
+                       {
+                               printk(KERN_ERR"%s: Impossible packet length.\n",dev->name);
+                               tp->stats.rx_dropped++;
+                               rtl_hw_start(dev);
+                               break;
+                       }

                        skb = dev_alloc_skb(pkt_size + 2);
                        if (skb == NULL) {
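
Review bot: The new `if(pkt_size<0)` test bounds the length only from below, so an rx_size that is implausibly large still reaches `dev_alloc_skb(pkt_size + 2)`; if the header can be bad enough to give a length under 4, it should also be checked against the largest frame the driver expects before allocating. It would help to print rx_size in the "Impossible packet length" message so the bad value can be seen in the log, and `KERN_ERR"%s` wants a space between the log level and the format string. The added block also uses `if(` with the brace on its own line, while the surrounding code uses `if (skb == NULL) {`.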

Maybe someone has a better solution?

With the patch, the kernel no longer crashes, but I still get other messages:
eth0: Abnormal interrupt, status 00000011.
eth0: Abnormal interrupt, status 00000021.
eth0: Abnormal interrupt, status 00000015.
eth0: Abnormal interrupt, status 00000030.
eth0: Abnormal interrupt, status 00000020.
eth0: RTL8139 Interrupt line blocked, status 4.
eth0: RTL8139 Interrupt line blocked, status 5.
eth0: Transmit timeout, status 0d 0000 media 00.

The "Abnormal interrupt" messages disappear when I increase RX_BUF_LEN_IDX to 3 (64K).
I think they come from receive buffer overruns, because the rttask uses much CPU time.

The "Interrupt line blocked" is strange. It is related to SMP stuff but my machine
has only one CPU?! Donald: Could you please explain to me the meaning of the
"Check for bogusness" comment/code part?

The "Transmit timeout" occurs from time to time. I applied the patch from Edgar
Toering, but it does not help. Maybe it turns up less frequently, but I'm not sure.
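
Added example, not part of the original message or of the driver: a user-space model of the length check discussed above, going beyond the posted patch by also rejecting oversized lengths and lengths that overrun the bytes present in the ring. The 64-byte ring, the header layout (16-bit status then 16-bit length, little-endian, length including the CRC), the 1518-byte limit and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_LEN  64u    /* toy ring size for this example (assumption) */
#define CRC_LEN   4u     /* the length field includes the trailing CRC */
#define MAX_FRAME 1518u  /* largest length (with CRC) accepted here (assumption) */

/* Constructed rings: a 12-byte frame at offset 0, a second header at 16. */
const uint8_t sample_good[RING_LEN] = { 0x01, 0x00, 0x0c, 0x00, [16] = 0x01, 0x00, 0x08, 0x00 };
const uint8_t sample_bad[RING_LEN]  = { 0x01, 0x00, 0x0c, 0x00, [16] = 0x01, 0x00, 0x00, 0x00 };

/* Read the little-endian 32-bit header at off, wrapping around the ring. */
uint32_t ring_hdr(const uint8_t *r, size_t off)
{
    return (uint32_t)r[off % RING_LEN] | (uint32_t)r[(off + 1) % RING_LEN] << 8 |
           (uint32_t)r[(off + 2) % RING_LEN] << 16 | (uint32_t)r[(off + 3) % RING_LEN] << 24;
}

/* Length the unchecked arithmetic would hand to an allocator taking unsigned int. */
unsigned int unchecked_alloc_len(uint32_t hdr)
{
    return (unsigned int)((int)(hdr >> 16) - 4 + 2);  /* negative when length < 4 */
}

/* Validate the length field before any arithmetic; payload length or -1. */
int checked_pkt_size(uint32_t hdr)
{
    uint32_t rx_size = hdr >> 16;
    return (rx_size < CRC_LEN || rx_size > MAX_FRAME) ? -1 : (int)(rx_size - CRC_LEN);
}

/* Consume avail bytes of frames from off; returns frames accepted, sets *need_reset on a bad header. */
int drain_ring(const uint8_t *ring, size_t off, size_t avail, int *need_reset)
{
    int frames = 0;
    for (*need_reset = 0; avail > 0; frames++) {
        int len = checked_pkt_size(ring_hdr(ring, off));
        /* 4-byte header + payload + CRC, rounded up to a 4-byte boundary */
        size_t step = len < 0 ? 0 : ((4 + (size_t)len + CRC_LEN + 3) & ~(size_t)3);
        if (len < 0 || step > avail) { *need_reset = 1; break; }
        off = (off + step) % RING_LEN;
        avail -= step;
    }
    return frames;
}

int main(void)
{
    int reset, n = drain_ring(sample_bad, 0, 28, &reset);
    printf("frames=%d reset=%d unchecked_len=%u\n", n, reset, unchecked_alloc_len(ring_hdr(sample_bad, 16)));
}
```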