This is the mail archive of the ecos-discuss@sources.redhat.com mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

redboot network crash with rltk8139

From: Andrew Dyer <AMDyer at gmail dot com>
To: ecos-discuss <ecos-discuss at ecos dot sourceware dot org>
Date: Tue, 12 Oct 2004 12:34:51 -0500
Subject: [ECOS] redboot network crash with rltk8139
Reply-to: Andrew Dyer <AMDyer at gmail dot com>

Hi all,

I'm trying to figure out what happened with a crash on my target.  The 
target is a custom platform based on a Toshiba TX4925 MIPS part
running redboot and using the rltk8139 driver.  The crash occured while
the target was just sitting at the redboot prompt.

The crash occured because memcpy got passed an address of 0 from 
rltk8139_recv().  rltk8139_recv() never checks for a 0 in the sg_list buffer
addresses.   eth_drv_recv() decided to use 0 based on the return from
eth_drv_msg_get().  

The comments in eth_drv_recv() indicate that a driver should know that a NULL
in the sg_list buffer address means discard, so is it a bug to not
check for a that or
is there some reason why it should never occur?

Looking at some other drivers, the dp83816 driver doesn't check for NULL, but
the LAN91C111 does.



gdb backtrace is below:

#0  _memcpy (s1=0x0, s2=0xa0023af4, n=44) 
    at /ecos-e/Projects/ecos/packages/infra/current/src/memcpy.c:165
#1  0xffffffff800030c8 in rltk8139_recv (sc=0x0, sg_list=0x800233d8, sg_len=44)
    at /ecos-e/Projects/ecos/packages/devs/eth/rltk/8139/current/src/if_8139.c:1009
#2  0xffffffff8001b204 in eth_drv_recv (sc=0x800213c8, total_len=60)
    at /ecos-e/Projects/ecos/packages/io/eth/current/src/stand_alone/eth_drv.c:489
#3  0xffffffff80003340 in rltk8139_deliver (sc=0x800213c8)
    at /ecos-e/Projects/ecos/packages/devs/eth/rltk/8139/current/src/if_8139.c:1206
#4  0xffffffff800033d0 in rltk8139_poll (sc=0xffffffff)
    at /ecos-e/Projects/ecos/packages/devs/eth/rltk/8139/current/src/if_8139.c:1281
#5  0xffffffff8001afc8 in eth_drv_read (eth_hdr=0x80023598 "ÿÿÿÿÿÿ",
    buf=0x8002e5a8 "E", len=1526)
    at /ecos-e/Projects/ecos/packages/io/eth/current/src/stand_alone/eth_drv.c:398
#6  0xffffffff800166c8 in __enet_poll ()
    at /ecos-e/Projects/ecos/packages/redboot/current/src/net/enet.c:158
#7  0xffffffff80017568 in __tcp_poll ()
    at /ecos-e/Projects/ecos/packages/redboot/current/src/net/tcp.c:645
#8  0xffffffff80007008 in net_io_test (is_idle=0)
    at /ecos-e/Projects/ecos/packages/redboot/current/src/net/net_io.c:551
#9  0xffffffff80012a1c in do_idle (is_idle=1)
    at /ecos-e/Projects/ecos/packages/redboot/current/src/main.c:211
#10 0xffffffff8001448c in _rb_gets_preloaded (buf=0x8002c240 "", buflen=256,
    timeout=0) at /ecos-e/Projects/ecos/packages/redboot/current/src/io.c:383
#11 0xffffffff800144d8 in _rb_gets (
    buf=0xffffffff <Address 0xffffffff out of bounds>, buflen=-1610466572,
    timeout=44) at /ecos-e/Projects/ecos/packages/redboot/current/src/io.c:637
#12 0xffffffff80012cf4 in cyg_start ()
    at /ecos-e/Projects/ecos/packages/redboot/current/src/main.c:371
-- 
Hardware, n.:
        The parts of a computer system that can be kicked.

--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Follow-Ups:
- Re: redboot network crash with rltk8139
  - From: jerzy dyrda

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]