Check the return value of vortex_up(), which could be error code when
the rx ring is not full.
Signed-off-by: Li Zhong <[email protected]>
---
drivers/net/ethernet/3com/3c59x.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
index ccf07667aa5e..7806c5f60ac8 100644
--- a/drivers/net/ethernet/3com/3c59x.c
+++ b/drivers/net/ethernet/3com/3c59x.c
@@ -1942,6 +1942,7 @@ vortex_error(struct net_device *dev, int status)
void __iomem *ioaddr = vp->ioaddr;
int do_tx_reset = 0, reset_mask = 0;
unsigned char tx_status = 0;
+ int err;
if (vortex_debug > 2) {
pr_err("%s: vortex_error(), status=0x%x\n", dev->name, status);
@@ -2016,7 +2017,9 @@ vortex_error(struct net_device *dev, int status)
/* Must not enter D3 or we can't legally issue the reset! */
vortex_down(dev, 0);
issue_and_wait(dev, TotalReset | 0xff);
- vortex_up(dev); /* AKPM: bug. vortex_up() assumes that the rx ring is full. It may not be. */
+ err = vortex_up(dev);
+ if (err)
+ return;
} else if (fifo_diag & 0x0400)
do_tx_reset = 1;
if (fifo_diag & 0x3000) {
--
2.25.1
On Mon, Sep 19, 2022 at 12:36:31AM -0700, Li Zhong wrote:
> Check the return value of vortex_up(), which could be error code when
> the rx ring is not full.
>
> Signed-off-by: Li Zhong <[email protected]>
> ---
> drivers/net/ethernet/3com/3c59x.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
> index ccf07667aa5e..7806c5f60ac8 100644
> --- a/drivers/net/ethernet/3com/3c59x.c
> +++ b/drivers/net/ethernet/3com/3c59x.c
> @@ -1942,6 +1942,7 @@ vortex_error(struct net_device *dev, int status)
> void __iomem *ioaddr = vp->ioaddr;
> int do_tx_reset = 0, reset_mask = 0;
> unsigned char tx_status = 0;
> + int err;
>
> if (vortex_debug > 2) {
> pr_err("%s: vortex_error(), status=0x%x\n", dev->name, status);
> @@ -2016,7 +2017,9 @@ vortex_error(struct net_device *dev, int status)
> /* Must not enter D3 or we can't legally issue the reset! */
> vortex_down(dev, 0);
> issue_and_wait(dev, TotalReset | 0xff);
> - vortex_up(dev); /* AKPM: bug. vortex_up() assumes that the rx ring is full. It may not be. */
> + err = vortex_up(dev);
> + if (err)
> + return;
Why does that fix the bug mentioned in the above comment?
On Tue, Sep 20, 2022 at 3:02 AM Steffen Klassert
<[email protected]> wrote:
>
> On Mon, Sep 19, 2022 at 12:36:31AM -0700, Li Zhong wrote:
> > Check the return value of vortex_up(), which could be error code when
> > the rx ring is not full.
> >
> > Signed-off-by: Li Zhong <[email protected]>
> > ---
> > drivers/net/ethernet/3com/3c59x.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
> > index ccf07667aa5e..7806c5f60ac8 100644
> > --- a/drivers/net/ethernet/3com/3c59x.c
> > +++ b/drivers/net/ethernet/3com/3c59x.c
> > @@ -1942,6 +1942,7 @@ vortex_error(struct net_device *dev, int status)
> > void __iomem *ioaddr = vp->ioaddr;
> > int do_tx_reset = 0, reset_mask = 0;
> > unsigned char tx_status = 0;
> > + int err;
> >
> > if (vortex_debug > 2) {
> > pr_err("%s: vortex_error(), status=0x%x\n", dev->name, status);
> > @@ -2016,7 +2017,9 @@ vortex_error(struct net_device *dev, int status)
> > /* Must not enter D3 or we can't legally issue the reset! */
> > vortex_down(dev, 0);
> > issue_and_wait(dev, TotalReset | 0xff);
> > - vortex_up(dev); /* AKPM: bug. vortex_up() assumes that the rx ring is full. It may not be. */
> > + err = vortex_up(dev);
> > + if (err)
> > + return;
>
> Why does that fix the bug mentioned in the above comment?
>
Since the bug is an unchecked error, we detect it with static analysis and
validate it's a bug by the comment we see above the code. So we fix this bug
following the guide of this comment.
On Tue, Sep 20, 2022 at 09:15:35AM -0700, Li Zhong wrote:
> On Tue, Sep 20, 2022 at 3:02 AM Steffen Klassert
> <[email protected]> wrote:
> >
> > On Mon, Sep 19, 2022 at 12:36:31AM -0700, Li Zhong wrote:
> > > Check the return value of vortex_up(), which could be error code when
> > > the rx ring is not full.
> > >
> > > Signed-off-by: Li Zhong <[email protected]>
> > > ---
> > > drivers/net/ethernet/3com/3c59x.c | 5 ++++-
> > > 1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
> > > index ccf07667aa5e..7806c5f60ac8 100644
> > > --- a/drivers/net/ethernet/3com/3c59x.c
> > > +++ b/drivers/net/ethernet/3com/3c59x.c
> > > @@ -1942,6 +1942,7 @@ vortex_error(struct net_device *dev, int status)
> > > void __iomem *ioaddr = vp->ioaddr;
> > > int do_tx_reset = 0, reset_mask = 0;
> > > unsigned char tx_status = 0;
> > > + int err;
> > >
> > > if (vortex_debug > 2) {
> > > pr_err("%s: vortex_error(), status=0x%x\n", dev->name, status);
> > > @@ -2016,7 +2017,9 @@ vortex_error(struct net_device *dev, int status)
> > > /* Must not enter D3 or we can't legally issue the reset! */
> > > vortex_down(dev, 0);
> > > issue_and_wait(dev, TotalReset | 0xff);
> > > - vortex_up(dev); /* AKPM: bug. vortex_up() assumes that the rx ring is full. It may not be. */
> > > + err = vortex_up(dev);
> > > + if (err)
> > > + return;
> >
> > Why does that fix the bug mentioned in the above comment?
> >
>
> Since the bug is an unchecked error
No, it is not. It is completely pointless to check the error value here.
> we detect it with static analysis and
> validate it's a bug by the comment we see above the code.
This code is from the nineties, so it is unfixed for more
then 20 years. Do you really think Andrew Morton would have
added this comment if the fix is that easy?