oskit-mach: device_write

Sat, 02 Mar 2002 13:02:37 -0800 

I restarted to work on the problem I reported several 
months ago [1]. It is very difficult for me to say what's 
going wrong. I wrote a minimal program, which let the 
oskit-mach kernel crash:

--------------------------------------------------------
#include <stdlib.h>
#include <error.h>
#include <device/device.h> 

int
main (int argc, char** argv)
{  
  int err;
  device_t ether_port;
  device_t master_device;
  char *name = "eth0";
  u_int count;

  struct _data {
    char string[100];
  } data;

  memset (&data, 0, sizeof(struct _data));
  
  err = get_privileged_ports (0, &master_device);
  if (err)
    error (2, err, "cannot get device master port");
  
  err = device_open (master_device, D_WRITE, name, &ether_port);
  mach_port_deallocate (mach_task_self (), master_device);
  if (err)
    error (2, err, "%s", name);
  
  if (0)
    /* The correct way (hopefully) */
    device_write (ether_port, D_NOWAIT, 0, 
                  (io_buf_ptr_t)&data, sizeof (struct _data), &count);
  else
    /* The size (5 parameter) is wrong */
    device_write (ether_port, D_NOWAIT, 0, 
                  (io_buf_ptr_t)&data, 4, &count);
  
  return 0;
}
------------------------------------------------------

As you can see, of the 5 parameter of the device_write 
function is wrong than oskit-mach crashes. Gnumach instead
keeps cool and puts the packet on the wire. Therefore I suspect
that the glue code is not completely correct. 

I found following lines in gnuamch/linux/dev/glue/net.c

static io_return_t
device_write (void *d, ipc_port_t reply_port,
              mach_msg_type_name_t reply_port_type, dev_mode_t mode,
              recnum_t bn, io_buf_ptr_t data, unsigned int count,
              int *bytes_written)
{
[...]

if (count == 0 || count > dev->mtu + dev->hard_header_len)
    return D_INVALID_SIZE;

  /* Allocate a sk_buff.  */
  amt = PAGE_SIZE - (copy->offset & PAGE_MASK);
  skblen = (amt >= count) ? 0 : count;

[...]
}

If I interpret this correctly there is at least one page allocated 
and later it will be freed. And therefore the wrong argument does 
no harm. 

The next step for me is to understand what exactly happends in
the oskit-mach code. 

wagi


[1] http://mail.gnu.org/pipermail/bug-hurd/2001-October/005627.html
-- 
Daniel Wagner                              "use quit to exit"
email: [EMAIL PROTECTED]

GnuPG: 1024D/DCDE890A (public key available on any keyserver)

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd

Reply via email to