Subject: Caught a crash
To: None <netbsd-help@NetBSD.ORG>
From: Tim Jackson <timj@millenium.tiac.net>
List: netbsd-help
Date: 03/02/1995 16:43:30
Hi,
It's me again :)
I caught a crash this morning in NetBSD 1.0. The stack trace
was:

    interrupt stack
    tcp_input(....)
    in_pcblookup+0x38(....)
    struct inpcb *
    in_pcblookup(head, faddr, fport_arg, laddr, lport_arg, flags)
        struct inpcb *head;
        struct in_addr faddr, laddr;
        u_int fport_arg, lport_arg;
        int flags;
    {
        register struct inpcb *inp, *match = 0;
        int matchwild = 3, wildcard;
        u_short fport = fport_arg, lport = lport_arg;

        for (inp = head->inp_next; inp != head; inp = inp->inp_next) {
            if (inp->inp_lport != lport)
                ^^^^^^^^^^^^^^
                Died here
The assembly for this code fragment is:
    _in_pcblookup:
            pushl %ebp
            movl %esp,%ebp
            subl $12,%esp
            pushl %edi
            pushl %esi
            pushl %ebx
            movl 12(%ebp),%edi
            movl 20(%ebp),%esi
            movl $0,-12(%ebp)
            movl $3,%eax
            movw 16(%ebp),%bx
            movw %bx,-4(%ebp)
            movw 24(%ebp),%bx
            movw %bx,-8(%ebp)
            movl 8(%ebp),%ebx
            movl (%ebx),%ecx
            cmpl %ebx,%ecx
            je L124
            .align 2,0x90
    L143:
            movw -8(%ebp),%bx
            cmpw %bx,24(%ecx)
                         ^^^
            Crashes here......%ecx is 0x0
My only thought is that the in_pcb ring is not protected from
manipulation from the interrupt service routine side. I'm not sure
this is the only problem, but it is one that may titillate the senses.

Thanks for your patience,
tim
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Timothy Jackson/TIAC - The Internet Access Company - Voice:617/276-7200 ~
~ CEO, Founder - 7 Railroad Avenue - Fax :617/275-2224 ~
~ - Bedford, MA 01730 - Data :617/275-0331 ~
~ timj@tiac.net ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
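A standalone model of the ring walk that died, added here as an illustration and not code from the message above or from the NetBSD kernel: it follows the 4.4BSD in_pcblookup() matching rules (the trimmed inpcb struct, ANY_ADDR, LOOKUP_WILDCARD and the sample ring are constructed stand-ins), and it reports a NULL link through a flag instead of dereferencing it, which is the state the trace shows (inp in %ecx == 0). The guard only makes the corruption visible; it does not address the interrupt-side race the message suspects.

```c
#include <stddef.h>
#include <stdint.h>
#define ANY_ADDR 0u        /* stands in for INADDR_ANY */
#define LOOKUP_WILDCARD 1  /* stands in for INPLOOKUP_WILDCARD */
struct inpcb {             /* constructed: only the fields the walk needs */
    struct inpcb *inp_next;
    uint32_t inp_faddr, inp_laddr;
    uint16_t inp_fport, inp_lport;
};
/* Same matching rules as 4.4BSD in_pcblookup(): walk the ring from the sentinel
 * head, keep the entry with the fewest wildcards; a NULL link sets *broken. */
struct inpcb *pcb_lookup(struct inpcb *head, uint32_t faddr, uint16_t fport,
                         uint32_t laddr, uint16_t lport, int flags, int *broken)
{
    struct inpcb *inp, *match = NULL;
    int matchwild = 3, wildcard;
    *broken = 0;
    for (inp = head->inp_next; inp != head; inp = inp->inp_next) {
        if (inp == NULL) { *broken = 1; return NULL; }   /* corrupt ring: the crash case */
        if (inp->inp_lport != lport)
            continue;
        wildcard = 0;
        if (inp->inp_laddr != ANY_ADDR) {
            if (laddr == ANY_ADDR) wildcard++;
            else if (inp->inp_laddr != laddr) continue;
        } else if (laddr != ANY_ADDR) wildcard++;
        if (inp->inp_faddr != ANY_ADDR) {
            if (faddr == ANY_ADDR) wildcard++;
            else if (inp->inp_faddr != faddr || inp->inp_fport != fport) continue;
        } else if (faddr != ANY_ADDR) wildcard++;
        if (wildcard && !(flags & LOOKUP_WILDCARD))
            continue;
        if (wildcard < matchwild) {
            match = inp; matchwild = wildcard;
            if (wildcard == 0) break;   /* exact 4-tuple match, stop early */
        }
    }
    return match;
}
/* Constructed ring: head -> listener *:80 -> 10.0.0.1:80 <-> 10.0.0.2:1234 -> head */
struct inpcb g_head, g_listen = {0, ANY_ADDR, ANY_ADDR, 0, 80},
             g_conn = {0, 0x0A000002u, 0x0A000001u, 1234, 80};
struct inpcb *ring_build(void)
{
    g_head.inp_next = &g_listen; g_listen.inp_next = &g_conn;
    g_conn.inp_next = &g_head;
    return &g_head;
}
```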