3c509(B), rx_skbuff[] entries occasionally NULL...
Matti Aarnio
matti.aarnio@sonera.fi
Mon Sep 21 10:24:57 1998
Hello,
In 3c95x.c version 0.99F there is an occasional tendency to crash by
doing a NULL pointer dereference at line 1859:
temp = skb_put(skb, pkt_len);
(Inside the skb_put() function.)
However, that is a sign that SOMETHING was received into the physical
address of the previous skb. That may be able to cause surprises
by overwriting kernel memory, although likely the NULL-pointer
reference is more likely to cause system death than possible
mysterious memory overwrites by busmastering...
The reason is that the code preceding it does not gracefully handle
a situation when the rx_skbuff[entry] pointer to a socket is NULL.
(The skb replenisher has not had a chance to fill the used skb for
some reason, and the pointer has been left to be NULL; around
line 1900 in the 0.99F source.)
I suspect that the code as is leaves the .addr member of rx_ring[]
at the old value, and that causes possible surprises in the same
situation, although likely the NULL-pointer reference is more
likely to cause system death than "mysterious" overwrite of previously
existing
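
The failure mode described in this post, as an added illustration that is not part of the original message or of the driver source: a user-space C model of an RX ring in which a failed refill withdraws the descriptor instead of leaving the old .addr armed, and the receive path checks for an empty slot before touching the buffer. Only rx_ring, rx_skbuff and .addr come from the post; every other name, the ownership bit and the buffer size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RX_RING_SIZE      4
#define PKT_BUF_SZ        1536         /* assumed buffer size */
#define DESC_OWNED_BY_NIC 0x80000000u  /* hypothetical ownership bit */

struct rx_desc { uintptr_t addr; uint32_t status; };

struct nic {
    struct rx_desc rx_ring[RX_RING_SIZE];
    unsigned char *rx_skbuff[RX_RING_SIZE]; /* stand-in for struct sk_buff * */
    unsigned rx_dropped;
};

/* Refill one slot; alloc_ok == 0 simulates the allocator failing. */
static int rx_refill(struct nic *np, unsigned entry, int alloc_ok)
{
    unsigned char *buf = alloc_ok ? malloc(PKT_BUF_SZ) : NULL;

    np->rx_skbuff[entry] = buf;
    if (buf == NULL) {
        /* No buffer: withdraw the descriptor so the address of the
         * buffer already handed up the stack is no longer a DMA target. */
        np->rx_ring[entry].addr = 0;
        np->rx_ring[entry].status = 0;
        return -1;
    }
    np->rx_ring[entry].addr = (uintptr_t)buf;
    np->rx_ring[entry].status = DESC_OWNED_BY_NIC;
    return 0;
}

/* Receive path: return the filled buffer, or NULL if the slot is empty. */
static unsigned char *rx_receive(struct nic *np, unsigned entry, int refill_ok)
{
    unsigned char *buf = np->rx_skbuff[entry];

    if (buf == NULL) {                   /* check before any skb_put()-like use */
        np->rx_dropped++;
        rx_refill(np, entry, refill_ok); /* retry the refill */
        return NULL;
    }
    rx_refill(np, entry, refill_ok);     /* old buffer now belongs to the caller */
    return buf;
}
```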