[eepro100] speedo_intr_error routine

Kallol Biswas kallol@efi.com
Tue Jan 15 16:08:02 2002


Hi,
    One of our systems crashes when ping flood is sent to it.  I took a quick
look at the eepro100 driver
of bersion "eepro100.c:v1.19 12/19/2001 Donald Becker <becker@scyld.com>\n";

Is the routine speedo_intr_error ok? This routine is called from
speedo_interrupt, if the device runs out of
descriptors/buffers.

Even if the system can't replenish the ring, the card is re-started/resumed.
This can cause the card doing DMA over old buffers, thereby
corrupting memory silently, when the system is heavily loaded with network
traffic. Correct me if I am wrong. I have run the following command
ping -s -f -p deadbeef   remote_system.     On remote system I have seen that
the  RX descriptors are overwritten with  0xdeadbeef.

How a system can go out of memory during a data transfer of large size?  The
ip fragments can sit in the reassemble queue  while waiting to be
defragmented. If  one of the fragments  never arrives  or is discarded by the
receiving side then an ip fragment chain can timeout. There can be many
such incomplete chain.  I am not sure how linux handles this.  This is just a
theory.


Kallol