[OpenWrt-Devel] AA on brcm47xx: Unhandled kernel unaligned access

Jonas Gorski jogo at openwrt.org
Mon Jul 14 17:42:15 EDT 2014


On Mon, Jul 14, 2014 at 11:48 PM, Nikolai Zhubr <n-a-zhubr at yandex.ru> wrote:
> 14.07.2014 20:44, Jonas Gorski:
> [...]
>
>>> If I were to speculate wildly, I would guess that B44_RXMAXLEN refers to
>>> the maximum frame length, not the maximum buffer length - and in the
>>> code, it's being fed with the maximum buffer length.
>>> This would allow the hardware to receive slightly oversized frames which
>>> can corrupt the skb.
>>
>>
>> Since there is a public datasheet[1], this is easily verifiable, and
>> it looks you are right:
>>
>> "Receive Maximum Length Register (RcvLength, Offset 0x404):
>>
>> The value stored in this register specifies the largest valid Ethernet
>> Frame to be received."
>
>
> Ok, so I'd suppose
> bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN + 8 + RX_HEADER_LEN)
> should instead be
> bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN) ?
> or
> bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN + 8) ?

This is the right one; mtu (the "payload") + ETH_HLEN (14 bytes) + 8
(4 bytes for vlan tag, probably 4 extra bytes for custom header
optionally used by broadcom switches)

> or maybe even
> bw32(bp, B44_RXMAXLEN, bp->dev->mtu) ?
>
> Apology for my ignorance, just can't stand testing it immediately to
> hopefully get it right for BB.
>
>
> Thank you.
> Nikolai

Thanks for testing!


Jonas
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list