[OpenWrt-Devel] AA on brcm47xx: Unhandled kernel unaligned access

Nikolai Zhubr n-a-zhubr at yandex.ru
Mon Jul 14 17:48:05 EDT 2014


14.07.2014 20:44, Jonas Gorski:
[...]
>> If I were to speculate wildly, I would guess that B44_RXMAXLEN refers to
>> the maximum frame length, not the maximum buffer length - and in the
>> code, it's being fed with the maximum buffer length.
>> This would allow the hardware to receive slightly oversized frames which
>> can corrupt the skb.
>
> Since there is a public datasheet[1], this is easily verifiable, and
> it looks like you are right:
>
> "Receive Maximum Length Register (RcvLength, Offset 0x404):
>
> The value stored in this register specifies the largest valid Ethernet
> Frame to be received."

Ok, so I'd suppose
bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN + 8 + RX_HEADER_LEN)
should instead be
bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN) ?
or
bw32(bp, B44_RXMAXLEN, bp->dev->mtu + ETH_HLEN + 8) ?
or maybe even
bw32(bp, B44_RXMAXLEN, bp->dev->mtu) ?

Apologies for my ignorance, just can't stand testing it immediately to
hopefully get it right for BB.


Thank you.
Nikolai

>
> The same is true for the XmtMaxLength register, which is also set "too
> large" (it defaults to 1518).
>
>
> Jonas
>
> [1]: https://www.broadcom.com/collateral/pg/440X-PG02-R.pdf
>
> .
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


