[Xen-devel] [PATCHv2 1/3] xen-netback: return correct ethtool stats

[David Vrabel]

Use correct pointer arithmetic to get the pointer to each stat.

Signed-off-by: David Vrabel 
---
 drivers/net/xen-netback/interface.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/xen-netback/interface.c 
b/drivers/net/xen-netback/interface.c
index f38227a..3aa8648 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -340,12 +340,11 @@ static void xenvif_get_ethtool_stats(struct net_device 
*dev,
unsigned int num_queues = vif->num_queues;
int i;
unsigned int queue_index;
-   struct xenvif_stats *vif_stats;
 
for (i = 0; i < ARRAY_SIZE(xenvif_stats); i++) {
unsigned long accum = 0;
for (queue_index = 0; queue_index < num_queues; ++queue_index) {
-   vif_stats = &vif->queues[queue_index].stats;
+   void *vif_stats = &vif->queues[queue_index].stats;
accum += *(unsigned long *)(vif_stats + 
xenvif_stats[i].offset);
}
data[i] = accum;
-- 
1.7.10.4


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCHv2 1/3] xen-netback: return correct ethtool stats

[Ian Campbell]

Control: fixed -1 4.0-1~exp1

On Wed, 2015-03-04 at 11:14 +, David Vrabel wrote:
> Use correct pointer arithmetic to get the pointer to each stat.

I think this incorrect arithmetic was also responsible for the crash
reported in http://bugs.debian.org/786936 which was using the resulting
stray pointer.

I'll add the fix to our kernel but: David (Miller) could we also have it
queued for stable please?

Thanks.

Reasoning:

IP: [] xenvif_get_ethtool_stats+0x50/0x80 [xen_netback]

(gdb) disas xenvif_get_ethtool_stats+0x50
Dump of assembler code for function xenvif_get_ethtool_stats:
   0x5280 <+0>: callq  0x5285 
   0x5285 <+5>: mov0x900(%rdi),%r9d
   0x528c <+12>:mov$0x0,%r8
   0x5293 <+19>:lea-0x1(%r9),%r10d
   0x5297 <+23>:imul   $0x36258,%r10,%r10
   0x529e <+30>:xchg   %ax,%ax
   0x52a0 <+32>:test   %r9d,%r9d
   0x52a3 <+35>:je 0x52f8 
   0x52a5 <+37>:movzwl (%r8),%esi
   0x52a9 <+41>:mov0x8f8(%rdi),%rcx
   0x52b0 <+48>:lea0x0(,%rsi,8),%rax
   0x52b8 <+56>:shl$0x6,%rsi
   0x52bc <+60>:sub%rax,%rsi
   0x52bf <+63>:lea(%rcx,%rsi,1),%rax
   0x52c3 <+67>:lea0x36258(%rcx,%r10,1),%rcx
   0x52cb <+75>:add%rcx,%rsi
   0x52ce <+78>:xor%ecx,%ecx
   0x52d0 <+80>:add0x36220(%rax),%rcx
   0x52d7 <+87>:add$0x36258,%rax
   0x52dd <+93>:cmp%rsi,%rax
   0x52e0 <+96>:jne0x52d0 
   0x52e2 <+98>:add$0x22,%r8
   0x52e6 <+102>:   mov%rcx,(%rdx)
   0x52e9 <+105>:   add$0x8,%rdx
   0x52ed <+109>:   cmp$0x0,%r8
   0x52f4 <+116>:   jne0x52a0 
   0x52f6 <+118>:   repz retq 
   0x52f8 <+120>:   xor%ecx,%ecx
   0x52fa <+122>:   jmp0x52e2 
End of assembler dump.
(gdb) list *xenvif_get_ethtool_stats+0x50
0x52d0 is in xenvif_get_ethtool_stats 
(/build/linux-RGM_Ed/linux-3.16.7-ckt9/drivers/net/xen-netback/interface.c:349).

... and in the Debian kernel interface.c:349 is the accum += line from
the patch.

Ian.

> 
> Signed-off-by: David Vrabel 
> ---
>  drivers/net/xen-netback/interface.c |3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/net/xen-netback/interface.c 
> b/drivers/net/xen-netback/interface.c
> index f38227a..3aa8648 100644
> --- a/drivers/net/xen-netback/interface.c
> +++ b/drivers/net/xen-netback/interface.c
> @@ -340,12 +340,11 @@ static void xenvif_get_ethtool_stats(struct net_device 
> *dev,
>   unsigned int num_queues = vif->num_queues;
>   int i;
>   unsigned int queue_index;
> - struct xenvif_stats *vif_stats;
>  
>   for (i = 0; i < ARRAY_SIZE(xenvif_stats); i++) {
>   unsigned long accum = 0;
>   for (queue_index = 0; queue_index < num_queues; ++queue_index) {
> - vif_stats = &vif->queues[queue_index].stats;
> + void *vif_stats = &vif->queues[queue_index].stats;
>   accum += *(unsigned long *)(vif_stats + 
> xenvif_stats[i].offset);
>   }
>   data[i] = accum;



___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel