From nobody@FreeBSD.org  Fri Sep 26 09:22:24 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 62B7510656A0
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Sep 2008 09:22:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 51EE88FC1D
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Sep 2008 09:22:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id m8Q9MNn9013181
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Sep 2008 09:22:23 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id m8Q9MNFi013180;
	Fri, 26 Sep 2008 09:22:23 GMT
	(envelope-from nobody)
Message-Id: <200809260922.m8Q9MNFi013180@www.freebsd.org>
Date: Fri, 26 Sep 2008 09:22:23 GMT
From: Antoine Pelisse <apelisse@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: NDIS panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         127644
>Category:       kern
>Synopsis:       [ndis] [panic] NDIS panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    weongyo
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 26 09:30:02 UTC 2008
>Closed-Date:    Tue Sep 08 20:34:13 UTC 2009
>Last-Modified:  Tue Sep 08 20:34:13 UTC 2009
>Originator:     Antoine Pelisse
>Release:        8.0-CURRENT
>Organization:
>Environment:
FreeBSD eeepc 8.0-CURRENT FreeBSD 8.0-CURRENT #12: Wed Sep 24 09:41:05 CEST 2008
i386
>Description:
NDIS is crashing while using a rt2860 wireless card.

See Fix to the problem below
>How-To-Repeat:
Error is 100% reproducible. Load the module generated by ndisgen, rt2860.ko;
after a few packets are sent/received, the kernel panics.
>Fix:
sys/dev/if_ndis/if_ndisvar.h:
#define NDIS_TXPKTS 64
#define NDIS_INC(x)             \
        (x)->ndis_txidx = ((x)->ndis_txidx + 1) % NDIS_TXPKTS 

sc->ndis_txidx should cycle between 0 and sc->ndis_maxpkts as sc->ndis_tmaps is allocated with sc->ndis_maxpkts elements.

By the way, sc->ndis_txarray and sc->ndis_txpool are allocated with NDIS_TXPKTS
elements while only sc->ndis_maxpkts elements are used.

Patch attached with submission follows:

diff -u if_ndis.old/if_ndis.c if_ndis/if_ndis.c
--- if_ndis.old/if_ndis.c	2008-09-24 09:38:28.000000000 +0200
+++ if_ndis/if_ndis.c	2008-09-24 09:39:50.000000000 +0200
@@ -641,12 +641,12 @@
 		sc->ndis_maxpkts = 10;
 
 	sc->ndis_txarray = malloc(sizeof(ndis_packet *) *
-	    NDIS_TXPKTS, M_DEVBUF, M_NOWAIT|M_ZERO);
+	    sc->ndis_maxpkts, M_DEVBUF, M_NOWAIT|M_ZERO);
 
 	/* Allocate a pool of ndis_packets for TX encapsulation. */
 
 	NdisAllocatePacketPool(&i, &sc->ndis_txpool,
-	   NDIS_TXPKTS, PROTOCOL_RESERVED_SIZE_IN_PACKET);
+	    sc->ndis_maxpkts, PROTOCOL_RESERVED_SIZE_IN_PACKET);
 
 	if (i != NDIS_STATUS_SUCCESS) {
 		sc->ndis_txpool = NULL;
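
Review bot: With sc->ndis_txarray and sc->ndis_txpool now sized by sc->ndis_maxpkts instead of NDIS_TXPKTS, every other loop or index over these two objects has to use the same bound; any teardown or scan elsewhere in if_ndis.c that still runs to NDIS_TXPKTS would walk past the smaller allocation, so those sites should be checked and converted in this same change. Separately, the malloc() call uses M_NOWAIT and the visible lines go straight on to NdisAllocatePacketPool() without testing sc->ndis_txarray for NULL, unlike the status check on i that follows the pool allocation; a NULL check with an error return belongs here. The second + line also changes the continuation indent from three spaces to four, a whitespace change mixed into a functional one.
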
diff -u if_ndis.old/if_ndisvar.h if_ndis/if_ndisvar.h
--- if_ndis.old/if_ndisvar.h	2008-09-24 09:38:28.000000000 +0200
+++ if_ndis/if_ndisvar.h	2008-09-24 09:38:56.000000000 +0200
@@ -87,7 +87,7 @@
 
 #define NDIS_TXPKTS 64
 #define NDIS_INC(x)		\
-	(x)->ndis_txidx = ((x)->ndis_txidx + 1) % NDIS_TXPKTS
+	(x)->ndis_txidx = ((x)->ndis_txidx + 1) % (x)->ndis_maxpkts
 
 
 #define NDIS_EVENTS 4
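
Review bot: The new NDIS_INC takes its modulus from (x)->ndis_maxpkts at run time, so a zero value there becomes an integer divide-by-zero in the TX path, which the old constant could not cause; the if_ndis.c context shows a fallback assignment sc->ndis_maxpkts = 10; and it is worth confirming that it covers the zero case and always runs before the first NDIS_INC. The macro also expands x three times and leaves the assignment unparenthesized, so wrapping it in do { ... } while (0) or turning it into an inline function would be safer. NDIS_TXPKTS stays defined on the line above; if nothing else uses it after this patch, remove it or add a comment saying what it still bounds.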


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Sep 26 12:43:46 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127644 
Responsible-Changed-From-To: freebsd-net->weongyo 
Responsible-Changed-By: weongyo 
Responsible-Changed-When: Sun Sep 28 09:47:01 UTC 2008 
Responsible-Changed-Why:  
grab it. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=127644 
State-Changed-From-To: open->patched 
State-Changed-By: weongyo 
State-Changed-When: Sat Oct 4 04:16:35 UTC 2008 
State-Changed-Why:  
Committed to the HEAD. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=127644 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/127644: commit references a PR
Date: Sat,  4 Oct 2008 04:16:07 +0000 (UTC)

 weongyo     2008-10-04 04:15:39 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/dev/if_ndis      if_ndis.c if_ndisvar.h 
   Log:
   SVN rev 183587 on 2008-10-04 04:15:39Z by weongyo
   
   sc->ndis_txidx should cycle between 0 and sc->ndis_maxpkts, not
   NDIS_TXPKTS and don't allocate unused extra spaces for sc->ndis_txarray
   and sc->ndis_txpool.
   
   PR:             kern/127644
   Submitted by:   Antoine Pelisse <apelisse_at_gmail.com>
   MFC after:      1 week
   
   Revision  Changes    Path
   1.144     +2 -2      src/sys/dev/if_ndis/if_ndis.c
   1.34      +1 -1      src/sys/dev/if_ndis/if_ndisvar.h
 
State-Changed-From-To: patched->closed 
State-Changed-By: weongyo 
State-Changed-When: Tue Sep 8 20:32:41 UTC 2009 
State-Changed-Why:  
STABLE_8 is branched so close it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127644 
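
The index/array-size mismatch described in the Fix section above, as a small user-space model (an added example, not code from the PR or from the FreeBSD tree). The reduced struct softc, the NDIS_INC_OLD/NDIS_INC_NEW names and count_oob() are hypothetical; 10 is the fallback ndis_maxpkts visible in the patch context, used here as an assumed ring size.

```c
#include <stdio.h>

#define NDIS_TXPKTS 64          /* compile-time constant from if_ndisvar.h */

/* Reduced stand-in for the driver softc: only the two fields involved. */
struct softc {
    int ndis_txidx;             /* next TX slot */
    int ndis_maxpkts;           /* run-time slot count; ndis_tmaps has this many */
};

/* Increment as it was before the patch: wraps at the constant. */
#define NDIS_INC_OLD(x) \
    ((x)->ndis_txidx = ((x)->ndis_txidx + 1) % NDIS_TXPKTS)
/* Increment as patched: wraps at the run-time size. */
#define NDIS_INC_NEW(x) \
    ((x)->ndis_txidx = ((x)->ndis_txidx + 1) % (x)->ndis_maxpkts)

/*
 * Send npkts packets through a ring whose per-slot array has maxpkts
 * elements. Returns how many sends would have indexed past the end of
 * that array. The access is only bounds-checked, never performed, so the
 * model itself has no undefined behaviour.
 */
static int
count_oob(int maxpkts, int npkts, int patched)
{
    struct softc sc = { 0, maxpkts };
    int oob = 0;

    for (int i = 0; i < npkts; i++) {
        if (sc.ndis_txidx >= sc.ndis_maxpkts)
            oob++;              /* ndis_tmaps[ndis_txidx] would overrun */
        if (patched)
            NDIS_INC_NEW(&sc);
        else
            NDIS_INC_OLD(&sc);
    }
    return oob;
}

int
main(void)
{
    printf("old macro, 10 slots:  %d of 128 sends out of bounds\n",
        count_oob(10, 128, 0));
    printf("new macro, 10 slots:  %d of 128 sends out of bounds\n",
        count_oob(10, 128, 1));
    return 0;
}
```

With the old macro the first overrun happens on the eleventh send, which matches a panic "after a few packets"; the old macro is only safe when ndis_maxpkts happens to equal NDIS_TXPKTS.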
>Unformatted:
