[eepro100] speedo_intr_error routine
Kallol Biswas
kallol@efi.com
Tue Jan 15 16:08:02 2002
Hi,
One of our systems crashes when ping flood is sent to it. I took a quick
look at the eepro100 driver
of bersion "eepro100.c:v1.19 12/19/2001 Donald Becker <becker@scyld.com>\n";
Is the routine speedo_intr_error ok? This routine is called from
speedo_interrupt, if the device runs out of
descriptors/buffers.
Even if the system can't replenish the ring, the card is re-started/resumed.
This can cause the card doing DMA over old buffers, thereby
corrupting memory silently, when the system is heavily loaded with network
traffic. Correct me if I am wrong. I have run the following command
ping -s -f -p deadbeef remote_system. On remote system I have seen that
the RX descriptors are overwritten with 0xdeadbeef.
How a system can go out of memory during a data transfer of large size? The
ip fragments can sit in the reassemble queue while waiting to be
defragmented. If one of the fragments never arrives or is discarded by the
receiving side then an ip fragment chain can timeout. There can be many
such incomplete chain. I am not sure how linux handles this. This is just a
theory.
Kallol