oskit-mach: device_write
From: Daniel Wagner
Subject: oskit-mach: device_write
Date: Sat, 2 Mar 2002 22:13:40 +0100
User-agent: Mutt/1.3.24i

I have restarted work on the problem I reported several
months ago [1]. It is very difficult for me to say what's
going wrong. I wrote a minimal program which makes the
oskit-mach kernel crash:
--------------------------------------------------------
#include <stdlib.h>
#include <string.h>
#include <error.h>
#include <mach.h>
#include <hurd.h>
#include <device/device.h>

int
main (int argc, char** argv)
{
  int err;
  device_t ether_port;
  device_t master_device;
  char *name = "eth0";
  u_int count;
  struct _data {
    char string[100];
  } data;

  memset (&data, 0, sizeof(struct _data));

  /* Get the privileged device master port. */
  err = get_privileged_ports (0, &master_device);
  if (err)
    error (2, err, "cannot get device master port");

  /* Open the network device for writing. */
  err = device_open (master_device, D_WRITE, name, &ether_port);
  mach_port_deallocate (mach_task_self (), master_device);
  if (err)
    error (2, err, "%s", name);

  if (0)
    /* The correct way (hopefully) */
    device_write (ether_port, D_NOWAIT, 0,
                  (io_buf_ptr_t)&data, sizeof (struct _data), &count);
  else
    /* The size (5th parameter) is wrong */
    device_write (ether_port, D_NOWAIT, 0,
                  (io_buf_ptr_t)&data, 4, &count);

  return 0;
}
------------------------------------------------------
As you can see, if the 5th parameter of the device_write
function is wrong, then oskit-mach crashes. Gnumach instead
keeps cool and puts the packet on the wire. Therefore I suspect
that the glue code is not completely correct.

I found the following lines in gnumach/linux/dev/glue/net.c:

static io_return_t
device_write (void *d, ipc_port_t reply_port,
              mach_msg_type_name_t reply_port_type, dev_mode_t mode,
              recnum_t bn, io_buf_ptr_t data, unsigned int count,
              int *bytes_written)
{
  [...]
  if (count == 0 || count > dev->mtu + dev->hard_header_len)
    return D_INVALID_SIZE;

  /* Allocate a sk_buff. */
  amt = PAGE_SIZE - (copy->offset & PAGE_MASK);
  skblen = (amt >= count) ? 0 : count;
  [...]
}

If I interpret this correctly there is at least one page allocated
and later it will be freed. And therefore the wrong argument does
no harm.

The next step for me is to understand what exactly happens in
the oskit-mach code.

wagi
[1] http://mail.gnu.org/pipermail/bug-hurd/2001-October/005627.html
--
Daniel Wagner "use quit to exit"
email: wagi@gmx.ch
GnuPG: 1024D/DCDE890A (public key available on any keyserver)
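
Added example, not part of the original message and not gnumach or oskit-mach code: a user-space C model of the size handling in the quoted net.c fragment, showing which counts its bound check accepts and what skblen it computes. `struct netdev_model`, the function names, the Ethernet constants, the 4096-byte page with a Mach-style `PAGE_MASK`, and the stricter header-length check are assumptions; the page does not say what oskit-mach checks.

```c
#include <stdio.h>

#define PAGE_SIZE 4096u            /* assumption: 4 KiB pages */
#define PAGE_MASK (PAGE_SIZE - 1)  /* assumption: mask selects the offset within a page */

enum { MODEL_OK = 0, MODEL_INVALID_SIZE = 1 };  /* stand-ins for the kernel return codes */

/* Hypothetical stand-in for the two device fields the quoted check reads. */
struct netdev_model { unsigned mtu; unsigned hard_header_len; };

/* The bound check as quoted on the page: only zero and oversize counts fail. */
int quoted_check(const struct netdev_model *dev, unsigned count)
{
    if (count == 0 || count > dev->mtu + dev->hard_header_len)
        return MODEL_INVALID_SIZE;
    return MODEL_OK;
}

/* Stricter variant (assumption, not from the page): a frame shorter than
   the link-layer header is also rejected before the buffer is touched. */
int strict_check(const struct netdev_model *dev, unsigned count)
{
    if (count < dev->hard_header_len)
        return MODEL_INVALID_SIZE;
    return quoted_check(dev, count);
}

/* skblen as computed in the quoted fragment: 0 when the data fits in the
   remainder of the page that contains `offset`, otherwise `count`. */
unsigned quoted_skblen(unsigned offset, unsigned count)
{
    unsigned amt = PAGE_SIZE - (offset & PAGE_MASK);
    return (amt >= count) ? 0 : count;
}

int main(void)
{
    struct netdev_model eth = { 1500, 14 };  /* constructed: Ethernet MTU and header length */
    unsigned counts[] = { 0, 4, 100, 1514, 1515 };
    for (unsigned i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("count=%4u quoted=%d strict=%d skblen(offset 0)=%u\n",
               counts[i], quoted_check(&eth, counts[i]),
               strict_check(&eth, counts[i]), quoted_skblen(0, counts[i]));
    return 0;
}
```

A count of 4, the value used in the test program, passes the quoted check and is rejected only by the added header-length check.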