MIPS busdma map questions
Warner Losh
imp at bsdimp.com
Wed Aug 29 03:24:13 UTC 2012
On Aug 28, 2012, at 8:22 PM, Adrian Chadd wrote:
> Hi,
>
> I have a couple of busdma map questions.
>
> #1 - in mips/mips/busdma_machdep.c, bus_dmamap_destroy() calls
> _busdma_free_dmamap() and -then- goes and walks the dma map list. Is
> this a good idea or not? :)
Accessing free memory after freeing it is a free ticket to a free dose of free pain. It should be freed after the if that checks to see if it is in use.
> #2 - the ath(4) code (in sys/dev/ath/if_ath.c:ath_descdma_alloc_desc()
> on -HEAD) does the following:
>
> * creates a tag
> * allocates a dmamap (bus_dmamap_create) - storing it in dd->dd_dmamap;
> * allocates memory via bus_dmamem_alloc - also storing it in dd->dd_dmamap.
>
> Now, I saw some NULL pointer derefernce going on when thigns failed to
> load - and what I found was bus_dmamem_alloc() overwrites the dmat
> pointer passed in (dd_dmamap above). So the dmamap allocated via
> bus_dmamap_create() is just plain overwritten.
>
> I'm guessing that when allocating memory via bus_dmamem_alloc(), the
> call to bus_dmamap_create() (and the bus_dmamap_destroy()) isn't
> needed.
>
> Scott/mips people - what do you think?
That bug isn't so easy to figure out with my 5 second attention span...
Warner
>
>
> Adrian
> _______________________________________________
> freebsd-mips at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-mips
> To unsubscribe, send any mail to "freebsd-mips-unsubscribe at freebsd.org"
More information about the freebsd-mips
mailing list