On Mon, 7 Feb 2005, David S. Miller wrote:

On Mon, 7 Feb 2005 13:21:16 -0500 (EST)
Jurij Smakov <[EMAIL PROTECTED]> wrote:

510                 size_t len =((ifc32.ifc_len / sizeof (struct ifreq32)) + 1) *
511                         sizeof (struct ifreq);
512                 uifc = compat_alloc_user_space(sizeof(struct ifconf) + len);
513                 ifc.ifc_len = len;
514                 ifr = ifc.ifc_req = (void __user *)(uifc + 1);
515                 ifr32 = compat_ptr(ifc32.ifcbuf);
516                 for (i = 0; i < ifc32.ifc_len; i += sizeof (struct ifreq32)) {
517                         if (copy_in_user(ifr, ifr32, sizeof(struct ifreq32)))
518                                 return -EFAULT;
519                         ifr++;
520                         ifr32++;
521                 }

By inserting some debugging statements, I was able to figure out that
the machine hangs because at some point the call to the copy_in_user function does
not return.

How big are the values "ifc32.ifc_len" and the length passed into the compat_alloc_user_space() call for the failure case?

Hi Dave,

I have inserted the printk statements before, after and inside the loop.
The debugging output (including the previous successful execution of the loop) right before the hang looks like this:

dev_ifconf[516]: alloc_size=11056 ifc.ifc_len=11040 ifc32.ifc_len=8800
dev_ifconf[518]: i=0 ifr=00000000713163f8 ifr32=0000000071319050
dev_ifconf[518]: i=32 ifr=0000000071316420 ifr32=0000000071319070
dev_ifconf[518]: i=64 ifr=0000000071316448 ifr32=0000000071319090
dev_ifconf[518]: i=96 ifr=0000000071316470 ifr32=00000000713190b0
[...]
dev_ifconf[518]: i=8736 ifr=0000000071318ea0 ifr32=000000007131b270
dev_ifconf[518]: i=8768 ifr=0000000071318ec8 ifr32=000000007131b290
dev_ifconf[524]: after loop
dev_ifconf[516]: alloc_size=11056 ifc.ifc_len=11040 ifc32.ifc_len=8800
dev_ifconf[518]: i=0 ifr=00000001efffacf8 ifr32=00000000efffd898

alloc_size is the amount allocated by compat_alloc_user_space(). The only "strange" thing I can notice is the ifr address. On a few previous calls to this function, the starting ifr (at i=0) looked like this:

ifr=00000000efffb3b0
ifr=00000000efffacc0
ifr=00000000efffb328
ifr=00000000efffb2b8

and so on. The ifr address right before the hang has an extra bit set.

I hope it helps,

Jurij Smakov                                        [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/                   KeyID: C99E03CC
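Added example, not part of the thread above: it re-derives the buffer sizing from the quoted dev_ifconf lines for the ifc32.ifc_len=8800 case in the log, checks that the copy loop stays inside the native ifreq array, and checks whether a pointer handed back to a 32-bit compat process is representable in 32 bits (0x1efffacf8 is not; 0xefffb3b0 is). The struct sizes (32 bytes for ifreq32, 40 for ifreq, 16 for ifconf) are assumptions chosen to match the logged alloc_size and ifc.ifc_len.

```c
/* Added example (not from the mailing list thread). Struct sizes are
 * assumptions that reproduce the logged alloc_size=11056, ifc_len=11040. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define SIZEOF_IFREQ32 32u   /* assumed compat struct ifreq size */
#define SIZEOF_IFREQ   40u   /* assumed native struct ifreq size */
#define SIZEOF_IFCONF  16u   /* assumed native struct ifconf size */

struct compat_ifconf_sizing {
    size_t len;          /* bytes reserved for the native ifreq array */
    size_t alloc_size;   /* bytes requested from compat_alloc_user_space() */
    size_t iterations;   /* copy_in_user() calls the loop performs */
    bool   fits;         /* true if the loop never writes past the array */
};

/* Same arithmetic as lines 510-521 of the quoted code, for one ifc32.ifc_len. */
struct compat_ifconf_sizing compat_ifconf_size(uint32_t ifc32_len)
{
    struct compat_ifconf_sizing s;
    s.len = ((ifc32_len / SIZEOF_IFREQ32) + 1) * SIZEOF_IFREQ;
    s.alloc_size = SIZEOF_IFCONF + s.len;
    /* mirrors: for (i = 0; i < ifc32.ifc_len; i += sizeof(struct ifreq32)) */
    s.iterations = 0;
    for (uint32_t i = 0; i < ifc32_len; i += SIZEOF_IFREQ32)
        s.iterations++;
    s.fits = s.iterations * SIZEOF_IFREQ <= s.len;
    return s;
}

/* A user pointer for a 32-bit compat task must fit in 32 bits; the ifr
 * value logged right before the hang has a bit above that range set. */
bool compat_ptr_in_range(uint64_t ptr)
{
    return ptr <= UINT32_MAX;
}

int main(void)
{
    struct compat_ifconf_sizing s = compat_ifconf_size(8800);
    printf("len=%zu alloc_size=%zu iterations=%zu fits=%d\n",
           s.len, s.alloc_size, s.iterations, (int)s.fits);
    printf("ifr 0x%llx in 32-bit range: %d\n", 0x1efffacf8ULL,
           (int)compat_ptr_in_range(0x1efffacf8ULL));
    return 0;
}
```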

-
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html