[RFC PATCH v0.1] net driver: mpc52xx fec

Juergen Beisert jbe at pengutronix.de
Tue Oct 2 02:24:14 EST 2007


On Monday 01 October 2007 10:35, Juergen Beisert wrote:
> 2) Same target runs 2.6.23-rc8-rt1
>
> @host$ nmap 192.168.23.226
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-01 10:15 CEST
> Interesting ports on 192.168.23.226:
> Not shown: 871 filtered ports, 824 closed ports
> PORT   STATE SERVICE
> 22/tcp open  ssh
> 23/tcp open  telnet
>
> Nmap finished: 1 IP address (1 host up) scanned in 14.116 seconds
>
> Network on target dies. But can be reactivated by an "ifconfig eth0 down;
> ifconfig eth0 up". I included some printk statements into the fec.c source
> to see what interrupts are happen.
>
> "r" means fec_rx_interrupt was entered, "t" means fec_tx_interrupt was
> entered and "p" means fec_interrupt was entered. This is the output of the
> nmap "attack" above:
>
> rtrtrrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttrr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
> ttr
>  at this point: fec_hard_start_xmit, stop queue
> rrt
>  at this point: fec_tx_interrupt, wake queue
>  at this point: fec_hard_start_xmit, stop queue
> t
>  at this point: fec_tx_interrupt, wake queue
> tp
> <7>net eth0: ievent: 08020000
>
> ...at this point the network is dead.
>
> BTW: Without rt-preempt none of the wake/stop queue events and no
> fec_interrupt occurs. I only see a long list of "r"s and "t"s...

We tried again with rt-preempt and increased the priority of FEC's three 
interrupts: And now it survives the nmap "attack". But we don't know now if 
we only changed the behavior or fixed the bug?

BTW: Is it possible that fec_interrupt(() doesn' handle FEC_IEVENT_RFIFO_ERROR  
and FEC_IEVENT_XFIFO_ERROR)) incorrectly? The lines makes more sense with the 
following patch (but we are not sure about authors real intention).

@@ -506,7 +484,7 @@ static irqreturn_t fec_interrupt(int irq

        out_be32(&fec->ievent, ievent);         /* clear pending events */

-       if (ievent & ~(FEC_IEVENT_RFIFO_ERROR | FEC_IEVENT_XFIFO_ERROR)) {
+       if (!(ievent & (FEC_IEVENT_RFIFO_ERROR | FEC_IEVENT_XFIFO_ERROR))) {
                if (ievent & ~FEC_IEVENT_TFINT)
                        dev_dbg(&dev->dev, "ievent: %08x\n", ievent);
                return IRQ_HANDLED;

Juergen

-- 
Dipl.-Ing. Juergen Beisert | http://www.pengutronix.de
 Pengutronix - Linux Solutions for Science and Industry
    Handelsregister: Amtsgericht Hildesheim, HRA 2686
         Vertretung Sued/Muenchen, Germany
   Phone: +49-8766-939 228 |  Fax: +49-5121-206917-9


More information about the Linuxppc-embedded mailing list