Re: ATM (LANE) - related Kernel-Crashes

[chas williams (contractor)]

In message <Pine.LNX.4.30.0403161249270.9408-100000@xxxxxxxxxxxxxxxx>,Peter Dau
m writes:
>eax: c5934800   ebx: c645a080   ecx: c645a080   edx: 00000000
>esi: 00000000   edi: 0000000e   ebp: c7fc0000   esp: c680fdf4
>...
>Code;  c02a4f5b <lec_push+2b/220>
>00000000 <_EIP>:
>Code;  c02a4f5b <lec_push+2b/220>   <=====
>   0:   8b 6a 6c                  mov    0x6c(%edx),%ebp   <=====
>   3:   0f 84 70 01 00 00         je     179 <_EIP+0x179> c02a50d4
>   9:   fc                        cld
>   a:   8b b3 84 00 00 00         mov    0x84(%ebx),%esi
>  10:   bf c0 ed 31 00            mov    $0x31edc0,%edi
>
> <0>Kernel panic: Aiee, killing interrupt handler!

well this is pretty useful.  just curious--which gcc are you using to
build your kernels?  i have slightly different assembly for this bit
of code but it seems to point to:

Line 657 of "net/atm/lec.c" starts at address 0xe4a <lec_push+26> and ends at 0xe50 <lec_push+32>.

which is:

void
lec_push(struct atm_vcc *vcc, struct sk_buff *skb)
{
        struct net_device *dev = (struct net_device *)vcc->proto_data;
        struct lec_priv *priv = (struct lec_priv *)dev->priv;		<=====

%edx holds the result of vcc->proto_data (or dev) which seems to be 0.
this is bad.  since you died in an interrupt handler, it a fairly 
safe guess that this is a race.  a quick check of where proto_data gets
assigned shows:

lec_vcc_attach(struct atm_vcc *vcc, void *arg)
{
	...
        vcc->push = lec_push;
        vcc->proto_data = dev_lec[ioc_data.dev_num];
	...

this is bad.  these two lines should be reversed!  lec_push() is
not safe until vcc->proto_data is setup.  could you swap the order of
those two lines and give that a try?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/