This is the mail archive of the
mailing list for the eCos project.
[Bug 1001655] New: eth_drv_send stack_corruption withCYGFUN_LWIP_MODE_SIMPLE
- From: bugzilla-daemon at bugs dot ecos dot sourceware dot org
- To: ecos-bugs at ecos dot sourceware dot org
- Date: Fri, 17 Aug 2012 08:09:42 +0100
- Subject: [Bug 1001655] New: eth_drv_send stack_corruption withCYGFUN_LWIP_MODE_SIMPLE
- Auto-submitted: auto-generated
Please do not reply to this email. Use the web interface provided at:
Summary: eth_drv_send stack_corruption with
Class: Advice Request
Created an attachment (id=1899)
This fixes the crash.
there is a problem in eth_drv_send() for LwIP.
This function is supposed to wait for the packet to go out
to the network.
The wait is done by calling sc->funs->poll 100 times in a loop.
If the packet is not send by then the code assumes that will never
However this can be quite common, if:
a) the Processor is fast, like the AT91SAM9G45 which runs
with 400MHz and Caches enabled.
b) A full 1514 Byte packet is to be sent.
c) And maybe a 10BASE-T physical connection is used.
Sending that packet takes 1.5 ms in full-duplex,
but it can easily double for half-duplex.
The poll function does only access one device register,
while the packet is not yet sent, and returns very quickly.
However if the packet is eventually sent the driver calls
the function eth_drv_tx_done() just above which uses the
address of "done", to set *done=true, however the stack
frame is alredy gone, and another function may be executing
right now. => stack corruption
Furthermore the hardware driver is DMA based, at least in the case
of the AT91, and therefore at the time when the send function has
returned, the packet buffer will be re-used, but the driver is
still accessing it, and the sent packet may be corrupted in flight.
Note: The stack issue is fixed with this patch, as it makes "done" a static.
HOWEVER the Wait time (1000 iterations now) may still be too short,
which could free the packet buffer before it has been sent completely.
Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.