Re: [PATCH, RFT] bcm43xx: Busting the 1G limit
On Sat, 2006-06-17 at 19:28 +0200, Michael Buesch wrote:
Hi,
This patch adds full 32-bit and 64-bit DMA support
to the bcm43xx driver. Well, it _should_ do this. I can
not test it, as I don't have a machine to trigger the 1G
limit.
The 1G limit should be exploitable on an AMD64 machine
with more than 1G RAM.
Please test and report, if it works or not. In the
case of works not, please provide full dmesg log.
Note that I am not sure which cards actually support
full 32-bit or even 64-bit mode. Older cards might still
only support 30-bit DMA.
Hi.
I tried this on both 2.6.17-rc6 and on wireless-dev, and got pretty much
the same panic on both (modulo locking). My box is a turion with 2 GB
of ram and a BCM4318. Here's the panic from wireless-dev:
Unable to handle kernel NULL pointer dereference at 0020
RIP:
88104f24{:bcm43xx:bcm43xx_dma_handle_xmitstatus+436}
PGD 0
Oops: [1] PREEMPT
CPU 0
Modules linked in: uhci_hdc ieee80211_crypt_wep cryptoloop loop
snd_atiixp_modem
snd_atiixp snd_ac97_codec snd_ac97_bus bcm43xx snd_pcm snd_timer
ieee80211softmac ehci_hcd snd ohci1394 ieee80211 ohci_hdc sdhci ieee1394
yenta_socket usbcore mmc_core soundcore rsrc_nonstatic ieee80211_crypt
8139too
snd_page_alloc pcmcia_core
Pid: 6139, comm: iwconfig Not tainted 2.6.17-rc6-dfg1-g57aab842-dirty #1
RIP: 0010:[88104f24]
88104f24{:bcm43xx:bcm43xx_dma_handle_xmitstatus+436}
RSP: 0018:81445df8 EFLAGS: 00010002
RAX: 0063 RBX: 0001 RCX:
RDX: RSI: 0082 RDI: 0001
RBP: 81445e28 R08: 0002e8c7 R09:
R10: R11: fffa R12:
R13: 30d1 R14: 81445eb8 R15: 00d0
FS: 2b8b5dc68d20() GS:81445eb8()
knlGS:
CS: 0010 DS: ES: CR0: 8005003b
CR2: 0020 CR3: 76314000 CR4: 06e0
Process iwconfig (pid: 6139, threadinfo 8100748ae000, task
810075840890)
Stack: 81007510f050 81007510f050
8800
814453b8 2800 814453f8
880f13cb
81445e78 81007541e740
Call Trace: IRQ 880f13cb{:bcm43xx:bcm43xx_interrupt_tasklet
+2379}
81092b78{tasklet_action+72}
810126d0{__do_softirq+80}
8106872a{call_softirq+30} 81075e04{do_softirq
+52}
81092cf4{irq_exit+63} 81075e51{do_IRQ+65}
81067dae{ret_from_intr+0} EOI
810078c8{_raw_spin_lock+296}
8106dc9e{_spin_lock+30}
810202dd{unlink_file_vma+61}
810206a8{free_pagetables+152}
8103ee97{exit_mmap+135}
810416b6{mmput+54} 81047b63{exit_mmap+243}
81016a9a{do_exit+602} 81012e1c{__fput+428}
810506e0{debug_mutex_init+0}
81054862{sys_exit_group+18}
81067892{system_call+126}
Code: 45 3b 7c 24 20 7c 28 49 c7 c0 be 9e 10 88 b9 59 03 00 00 48
RIP 88104f24{:bcm43xx:bcm43xx_dma_handle_xmitstatus+436} RSP
81445df8
CR2: 0020
0Kernel panic - not syncing: Aiee, killing interrupt handler!
Daniel
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH, RFT] bcm43xx: Busting the 1G limit
On Monday 19 June 2006 17:23, Daniel Gryniewicz wrote:
On Sat, 2006-06-17 at 19:28 +0200, Michael Buesch wrote:
Hi,
This patch adds full 32-bit and 64-bit DMA support
to the bcm43xx driver. Well, it _should_ do this. I can
not test it, as I don't have a machine to trigger the 1G
limit.
The 1G limit should be exploitable on an AMD64 machine
with more than 1G RAM.
Please test and report, if it works or not. In the
case of works not, please provide full dmesg log.
Note that I am not sure which cards actually support
full 32-bit or even 64-bit mode. Older cards might still
only support 30-bit DMA.
Hi.
I tried this on both 2.6.17-rc6 and on wireless-dev, and got pretty much
the same panic on both (modulo locking). My box is a turion with 2 GB
of ram and a BCM4318. Here's the panic from wireless-dev:
Unable to handle kernel NULL pointer dereference at 0020
RIP:
88104f24{:bcm43xx:bcm43xx_dma_handle_xmitstatus+436}
I am still not absolutely sure where this oops comes from.
Could you remove at least 1G of your RAM and retry?
--
Greetings Michael.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH, RFT] bcm43xx: Busting the 1G limit
On Mon, 2006-06-19 at 22:43 +0200, Michael Buesch wrote:
On Monday 19 June 2006 17:23, Daniel Gryniewicz wrote:
On Sat, 2006-06-17 at 19:28 +0200, Michael Buesch wrote:
Hi,
This patch adds full 32-bit and 64-bit DMA support
to the bcm43xx driver. Well, it _should_ do this. I can
not test it, as I don't have a machine to trigger the 1G
limit.
The 1G limit should be exploitable on an AMD64 machine
with more than 1G RAM.
Please test and report, if it works or not. In the
case of works not, please provide full dmesg log.
Note that I am not sure which cards actually support
full 32-bit or even 64-bit mode. Older cards might still
only support 30-bit DMA.
Hi.
I tried this on both 2.6.17-rc6 and on wireless-dev, and got pretty much
the same panic on both (modulo locking). My box is a turion with 2 GB
of ram and a BCM4318. Here's the panic from wireless-dev:
Unable to handle kernel NULL pointer dereference at 0020
RIP:
88104f24{:bcm43xx:bcm43xx_dma_handle_xmitstatus+436}
I am still not absolutely sure where this oops comes from.
Could you remove at least 1G of your RAM and retry?
I took out 1G of RAM (2 1G sticks), and there was no more panic. It
still didn't work (no output from iwlist scan), but also no panic.
dmesg output was:
Jun 19 18:00:54 athena bcm43xx: Radio turned on
Jun 19 18:00:54 athena bcm43xx: ASSERTION FAILED (radio_attenuation
10) at:
drivers/net/wireless/bcm43xx/bcm43xx_phy.c:1485:bcm43xx_find_lopair()
Jun 19 18:00:54 athena bcm43xx: ASSERTION FAILED (radio_attenuation
10) at:
drivers/net/wireless/bcm43xx/bcm43xx_phy.c:1485:bcm43xx_find_lopair()
Jun 19 18:00:54 athena bcm43xx: Chip initialized
Jun 19 18:00:54 athena bcm43xx: 32-bit DMA initialized
Jun 19 18:00:54 athena bcm43xx: 80211 cores initialized
Jun 19 18:00:54 athena bcm43xx: Keys cleared
Jun 19 18:00:54 athena SoftMAC: Associate: Scanning for networks first.
Jun 19 18:00:54 athena SoftMAC: Associate: failed to initiate scan. Is
device up?
followed by a bunch of:
Jun 19 18:01:15 athena SoftMAC: Start scanning with channel: 1
Jun 19 18:01:15 athena SoftMAC: Scanning 14 channels
Jun 19 18:01:15 athena SoftMAC: Scanning finished
followed by:
Jun 19 18:02:03 athena SoftMAC: Associate: Scanning for networks first.
Jun 19 18:02:03 athena SoftMAC: Start scanning with channel: 1
Jun 19 18:02:03 athena SoftMAC: Scanning 14 channels
Jun 19 18:02:03 athena bcm43xx: set security called
Jun 19 18:02:03 athena bcm43xx:.level = 0
Jun 19 18:02:03 athena bcm43xx:.enabled = 0
Jun 19 18:02:03 athena bcm43xx:.encrypt = 0
Jun 19 18:02:03 athena SoftMAC: Scanning finished
Jun 19 18:02:03 athena SoftMAC: Associate: Scanning for networks first.
Jun 19 18:02:03 athena SoftMAC: Start scanning with channel: 1
Jun 19 18:02:03 athena SoftMAC: Scanning 14 channels
Jun 19 18:02:03 athena SoftMAC: Scanning finished
Jun 19 18:02:03 athena SoftMAC: Associate: Scanning for networks first.
Jun 19 18:02:03 athena SoftMAC: Start scanning with channel: 1
Jun 19 18:02:03 athena SoftMAC: Scanning 14 channels
Jun 19 18:02:04 athena SoftMAC: Scanning finished
Jun 19 18:02:04 athena SoftMAC: Unable to find matching network after
scan!
and finally:
Jun 19 18:02:44 athena bcm43xx: Radio turned off
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0200 (RX) max used slots: 0/64
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x02A0 (TX) max used slots: 0/512
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0280 (TX) max used slots: 0/512
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0260 (TX) max used slots: 0/512
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0240 (TX) max used slots: 0/512
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0220 (TX) max used slots: 2/512
Jun 19 18:02:44 athena bcm43xx: DMA-32 0x0200 (TX) max used slots: 0/512
At that point, I remove the bcm43xx module, and switched over to my
prism54 card in order to get net access.
This was all on wireless-dev as of yesterday with the 1G limit patch
from this thread.
Let me know if there's anything I can try, I'd love to get this working
properly.
Daniel
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH, RFT] bcm43xx: Busting the 1G limit
Hi, This patch adds full 32-bit and 64-bit DMA support to the bcm43xx driver. Well, it _should_ do this. I can not test it, as I don't have a machine to trigger the 1G limit. The 1G limit should be exploitable on an AMD64 machine with more than 1G RAM. Please test and report, if it works or not. In the case of works not, please provide full dmesg log. Note that I am not sure which cards actually support full 32-bit or even 64-bit mode. Older cards might still only support 30-bit DMA. Index: wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx.h === --- wireless-dev.orig/drivers/net/wireless/bcm43xx/bcm43xx.h2006-06-17 17:48:26.0 +0200 +++ wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx.h 2006-06-17 18:01:34.0 +0200 @@ -32,14 +32,18 @@ #define BCM43xx_PCICFG_ICR 0x94 /* MMIO offsets */ -#define BCM43xx_MMIO_DMA1_REASON 0x20 -#define BCM43xx_MMIO_DMA1_IRQ_MASK 0x24 -#define BCM43xx_MMIO_DMA2_REASON 0x28 -#define BCM43xx_MMIO_DMA2_IRQ_MASK 0x2C -#define BCM43xx_MMIO_DMA3_REASON 0x30 -#define BCM43xx_MMIO_DMA3_IRQ_MASK 0x34 -#define BCM43xx_MMIO_DMA4_REASON 0x38 -#define BCM43xx_MMIO_DMA4_IRQ_MASK 0x3C +#define BCM43xx_MMIO_DMA0_REASON 0x20 +#define BCM43xx_MMIO_DMA0_IRQ_MASK 0x24 +#define BCM43xx_MMIO_DMA1_REASON 0x28 +#define BCM43xx_MMIO_DMA1_IRQ_MASK 0x2C +#define BCM43xx_MMIO_DMA2_REASON 0x30 +#define BCM43xx_MMIO_DMA2_IRQ_MASK 0x34 +#define BCM43xx_MMIO_DMA3_REASON 0x38 +#define BCM43xx_MMIO_DMA3_IRQ_MASK 0x3C +#define BCM43xx_MMIO_DMA4_REASON 0x40 +#define BCM43xx_MMIO_DMA4_IRQ_MASK 0x44 +#define BCM43xx_MMIO_DMA5_REASON 0x48 +#define BCM43xx_MMIO_DMA5_IRQ_MASK 0x4C #define BCM43xx_MMIO_STATUS_BITFIELD 0x120 #define BCM43xx_MMIO_STATUS2_BITFIELD 0x124 #define BCM43xx_MMIO_GEN_IRQ_REASON0x128 @@ -55,14 +59,27 @@ #define BCM43xx_MMIO_XMITSTAT_10x174 #define BCM43xx_MMIO_REV3PLUS_TSF_LOW 0x180 /* core rev = 3 only */ #define BCM43xx_MMIO_REV3PLUS_TSF_HIGH 0x184 /* core rev = 3 only */ -#define BCM43xx_MMIO_DMA1_BASE 0x200 -#define BCM43xx_MMIO_DMA2_BASE 0x220 -#define BCM43xx_MMIO_DMA3_BASE 0x240 -#define BCM43xx_MMIO_DMA4_BASE 0x260 + +/* 32-bit DMA */ +#define BCM43xx_MMIO_DMA32_BASE0 0x200 +#define BCM43xx_MMIO_DMA32_BASE1 0x220 +#define BCM43xx_MMIO_DMA32_BASE2 0x240 +#define BCM43xx_MMIO_DMA32_BASE3 0x260 +#define BCM43xx_MMIO_DMA32_BASE4 0x280 +#define BCM43xx_MMIO_DMA32_BASE5 0x2A0 +/* 64-bit DMA */ +#define BCM43xx_MMIO_DMA64_BASE0 0x200 +#define BCM43xx_MMIO_DMA64_BASE1 0x240 +#define BCM43xx_MMIO_DMA64_BASE2 0x280 +#define BCM43xx_MMIO_DMA64_BASE3 0x2C0 +#define BCM43xx_MMIO_DMA64_BASE4 0x300 +#define BCM43xx_MMIO_DMA64_BASE5 0x340 +/* PIO */ #define BCM43xx_MMIO_PIO1_BASE 0x300 #define BCM43xx_MMIO_PIO2_BASE 0x310 #define BCM43xx_MMIO_PIO3_BASE 0x320 #define BCM43xx_MMIO_PIO4_BASE 0x330 + #define BCM43xx_MMIO_PHY_VER 0x3E0 #define BCM43xx_MMIO_PHY_RADIO 0x3E2 #define BCM43xx_MMIO_ANTENNA 0x3E8 @@ -231,8 +248,14 @@ #define BCM43xx_SBTMSTATELOW_FORCE_GATE_CLOCK 0x2 /* sbtmstatehigh state flags */ -#define BCM43xx_SBTMSTATEHIGH_SERROR 0x1 -#define BCM43xx_SBTMSTATEHIGH_BUSY 0x4 +#define BCM43xx_SBTMSTATEHIGH_SERROR 0x0001 +#define BCM43xx_SBTMSTATEHIGH_BUSY 0x0004 +#define BCM43xx_SBTMSTATEHIGH_TIMEOUT 0x0020 +#define BCM43xx_SBTMSTATEHIGH_COREFLAGS0x1FFF +#define BCM43xx_SBTMSTATEHIGH_DMA64BIT 0x1000 +#define BCM43xx_SBTMSTATEHIGH_GATEDCLK 0x2000 +#define BCM43xx_SBTMSTATEHIGH_BISTFAILED 0x4000 +#define BCM43xx_SBTMSTATEHIGH_BISTCOMPLETE 0x8000 /* sbimstate flags */ #define BCM43xx_SBIMSTATE_IB_ERROR 0x2 @@ -566,8 +589,11 @@ struct bcm43xx_dmaring *tx_ring1; struct bcm43xx_dmaring *tx_ring2; struct bcm43xx_dmaring *tx_ring3; + struct bcm43xx_dmaring *tx_ring4; + struct bcm43xx_dmaring *tx_ring5; + struct bcm43xx_dmaring *rx_ring0; - struct bcm43xx_dmaring *rx_ring1; /* only available on core.rev 5 */ + struct bcm43xx_dmaring *rx_ring3; /* only available on core.rev 5 */ }; /* Data structures for PIO transmission, per 80211 core. */ @@ -708,7 +734,7 @@ /* Reason code of the last interrupt. */ u32 irq_reason; - u32 dma_reason[4]; + u32 dma_reason[6]; /* saved irq enable/disable state bitfield. */ u32 irq_savedstate; /* Link Quality calculation context. */ Index: wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_dma.c === ---
