2007-02-14 00:41:15

by Chuck Ebbert

Subject: Is this bug too obvious?

drivers/usb/net/usbnet.c:

int
usbnet_probe (struct usb_interface *udev, const struct usb_device_id *prod)
{
        struct usbnet *dev;
        struct net_device *net;
        struct usb_host_interface *interface;
        struct driver_info *info;
        struct usb_device *xdev;
        int status;

        ...

        net = alloc_etherdev(sizeof(*dev));
                                    ^^^^
                                    *net ???


2007-02-14 00:54:00

by Randy Dunlap

Subject: Re: Is this bug too obvious?

On Tue, 13 Feb 2007 19:41:34 -0500 Chuck Ebbert wrote:

[adding linux-usb-devel]


> drivers/usb/net/usbnet.c:
>
> int
> usbnet_probe (struct usb_interface *udev, const struct usb_device_id *prod)
> {
>         struct usbnet *dev;
>         struct net_device *net;
>         struct usb_host_interface *interface;
>         struct driver_info *info;
>         struct usb_device *xdev;
>         int status;
>
>         ...
>
>         net = alloc_etherdev(sizeof(*dev));
>                                     ^^^^
>                                     *net ???


---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

2007-02-14 01:06:27

by David Brownell

Subject: Re: [linux-usb-devel] Is this bug too obvious?

No bug; read net/ethernet/eth.c to see what that parameter means.

> > drivers/usb/net/usbnet.c:
> >
> > int
> > usbnet_probe (struct usb_interface *udev, const struct usb_device_id *prod)
> > {
> >         struct usbnet *dev;
> >         struct net_device *net;
> >         struct usb_host_interface *interface;
> >         struct driver_info *info;
> >         struct usb_device *xdev;
> >         int status;
> >
> >         ...
> >
> >         net = alloc_etherdev(sizeof(*dev));
> >                                     ^^^^
> >                                     *net ???

It's allocating *extra* space ... used just a few lines later:

dev = netdev_priv(net);

2007-02-14 01:06:51

by Daniel Barkalow

Subject: Re: Is this bug too obvious?

On Tue, 13 Feb 2007, Chuck Ebbert wrote:

> drivers/usb/net/usbnet.c:
>
> int
> usbnet_probe (struct usb_interface *udev, const struct usb_device_id *prod)
> {
>         struct usbnet *dev;
>         struct net_device *net;
>         struct usb_host_interface *interface;
>         struct driver_info *info;
>         struct usb_device *xdev;
>         int status;
>
>         ...
>
>         net = alloc_etherdev(sizeof(*dev));
>                                     ^^^^
>                                     *net ???

No, alloc_etherdev takes the size of the private data, which, in this
case, is *dev.

-Daniel
*This .sig left intentionally blank*
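
The layout described in the two replies above (the size passed to alloc_etherdev is for the driver's private area, which netdev_priv then returns), modelled in user space as an added example that is not code from the thread or from the kernel. The model_* names, the reduced structs and the 32-byte alignment are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MODEL_ALIGN 32u	/* assumed alignment for this model */
#define ALIGN_UP(n) (((n) + MODEL_ALIGN - 1) & ~(size_t)(MODEL_ALIGN - 1))

/* Reduced stand-in for struct net_device (hypothetical). */
struct model_netdev { char name[16]; size_t priv_size; };

/* Stand-in for driver-private state such as struct usbnet (hypothetical). */
struct model_usbnet { struct model_netdev *net; int msg_enable; };

/* Like alloc_etherdev(sizeof_priv): the argument sizes the caller's
 * private area, which is appended to the device structure itself. */
struct model_netdev *model_alloc_netdev(size_t sizeof_priv)
{
	size_t total = ALIGN_UP(sizeof(struct model_netdev)) + sizeof_priv;
	struct model_netdev *net = calloc(1, total);

	if (net)
		net->priv_size = sizeof_priv;
	return net;
}

/* Like netdev_priv(net): the private area starts right after the
 * aligned device structure, inside the same allocation. */
void *model_netdev_priv(struct model_netdev *net)
{
	return (char *)net + ALIGN_UP(sizeof(struct model_netdev));
}

/* One free releases both parts; the private pointer is never freed itself. */
void model_free_netdev(struct model_netdev *net)
{
	free(net);
}

int main(void)
{
	struct model_netdev *net = model_alloc_netdev(sizeof(struct model_usbnet));
	struct model_usbnet *dev;

	if (!net)
		return 1;
	dev = model_netdev_priv(net);	/* same pattern as dev = netdev_priv(net) */
	dev->net = net;
	printf("private area: offset %zu, %zu bytes\n",
	       (size_t)((char *)dev - (char *)net), net->priv_size);
	model_free_netdev(net);
	return 0;
}
```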

2007-02-14 01:12:35

by Chuck Ebbert

Subject: Re: Is this bug too obvious?

Daniel Barkalow wrote:
> On Tue, 13 Feb 2007, Chuck Ebbert wrote:
>
>> drivers/usb/net/usbnet.c:
>>
>> int
>> usbnet_probe (struct usb_interface *udev, const struct usb_device_id *prod)
>> {
>>         struct usbnet *dev;
>>         struct net_device *net;
>>         struct usb_host_interface *interface;
>>         struct driver_info *info;
>>         struct usb_device *xdev;
>>         int status;
>>
>>         ...
>>
>>         net = alloc_etherdev(sizeof(*dev));
>>                                     ^^^^
>>                                     *net ???
>
> No, alloc_etherdev takes the size of the private data, which, in this
> case, is *dev.
>
> -Daniel
> *This .sig left intentionally blank*

OK I'll keep looking for the cause of the oops then:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228231

2007-02-16 22:36:15

by Pete Zaitcev

Subject: usbnet/rndis (was: Is this bug too obvious?)

On Tue, 13 Feb 2007 20:13:06 -0500, Chuck Ebbert <[email protected]> wrote:

> OK I'll keep looking for the cause of the oops then:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228231

> Feb 12 01:11:29 MyComputer kernel: ohci_hcd 0000:00:02.1: auto-wakeup
> Feb 12 01:11:30 MyComputer kernel: usb 2-3: new full speed USB device using ohci_hcd and address 2
> Feb 12 01:11:30 MyComputer kernel: usb 2-3: configuration #1 chosen from 1 choice
> Feb 12 01:11:30 MyComputer kernel: drivers/usb/class/cdc-acm.c: Ignoring extra header, type -3, length 4
> Feb 12 01:11:30 MyComputer kernel: cdc_acm 2-3:1.1: ttyACM0: USB ACM device
> Feb 12 01:11:30 MyComputer kernel: usbcore: registered new interface driver cdc_acm
> Feb 12 01:11:30 MyComputer kernel: drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters
> Feb 12 01:11:31 MyComputer kernel: usbcore: registered new interface driver cdc_ether
> Feb 12 01:11:31 MyComputer kernel: rndis_host 2-3:1.9: RNDIS init failed, -110
> Feb 12 01:11:31 MyComputer kernel: usb%d: unregister 'rndis_host' usb-0000:00:02.1-3, RNDIS device
> Feb 12 01:11:31 MyComputer kernel: BUGging on (!PageSlab(page))
> Feb 12 01:11:31 MyComputer kernel: ------------[ cut here ]------------
> Feb 12 01:11:31 MyComputer kernel: kernel BUG at mm/slab.c:594!

This looks like a kfree with a bogus address, possibly poisoned.

If you don't do it sooner, I'll look at the error paths in rndis
and/or usbnet.

BTW, for USB code, it's best to send to [email protected].

-- Pete

2007-02-16 23:37:49

by David Brownell

Subject: Re: [linux-usb-devel] usbnet/rndis (was: Is this bug too obvious?)


> If you don't do it sooner, I'll look at the error paths in rndis
> and/or usbnet.

Try that patch I sent by this morning. ISTR getting some
positive reports from that...