if_nge & if_lge drivers

Yuriy N. Shkandybin jura at networks.ru
Fri Oct 7 01:07:54 PDT 2005


Hello.

I saw John Baldwin's commit to if_lge.c rev 1.43 and performed the same changes for if_nge.c.
I've tested it and it works.
The patch is in the attachment or available from
http://www.netams.com/if_nge.c.patch



Also, I've noticed if_lge is affected by the same problem I've met with nge.
In if_lgereg.h we have
struct lge_list_data {
        struct lge_rx_desc      lge_rx_list[LGE_RX_LIST_CNT];
        struct lge_tx_desc      lge_tx_list[LGE_TX_LIST_CNT];
};

In if_lge.c (line 524):
        sc->lge_ldata = contigmalloc(sizeof(struct lge_list_data), M_DEVBUF,
            M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0);

So lge_rx_list and lge_tx_list might be initialized with garbage in them.

But in lge_stop() there is:
        /*
         * Free data in the RX lists.
         */
        for (i = 0; i < LGE_RX_LIST_CNT; i++) {
                if (sc->lge_ldata->lge_rx_list[i].lge_mbuf != NULL) {
                        m_freem(sc->lge_ldata->lge_rx_list[i].lge_mbuf);
                        sc->lge_ldata->lge_rx_list[i].lge_mbuf = NULL;
                }
        }

And lge_stop() is called from lge_init() (if_lge.c line 1242).
So m_freem() is called on garbage from lge_rx_list!

I suggest adding M_ZERO to the contigmalloc() flags for both if_nge.c and if_lge.c.


Jura

-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_nge.c.patch
Type: application/octet-stream
Size: 5829 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20051007/6df166e6/if_nge.c.obj
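
Added example, not part of the original message or of the FreeBSD driver source: a userland C model of the pattern described above, where a descriptor ring allocated without zeroing is walked by the stop routine before any mbuf has been attached. The names alloc_ring, stop_ring and first_stop_after_alloc, the ring size of 64 and the 0xA5 fill are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RX_LIST_CNT 64            /* constructed ring size */
struct rx_desc {                  /* simplified stand-in for lge_rx_desc */
    unsigned int ctl;
    void        *mbuf;            /* driver-private pointer, like lge_mbuf */
};
struct list_data { struct rx_desc rx_list[RX_LIST_CNT]; };

/* zero=0 models contigmalloc() without M_ZERO; the 0xA5 fill stands in for
 * stale memory so the run is deterministic. zero=1 models the M_ZERO case. */
static struct list_data *alloc_ring(int zero)
{
    struct list_data *ld = malloc(sizeof(*ld));
    if (ld != NULL)
        memset(ld, zero ? 0x00 : 0xA5, sizeof(*ld));
    return ld;
}

/* Same shape as the RX loop in lge_stop(): every non-NULL slot would be
 * handed to m_freem(). Here the slot is only counted and cleared. */
static int stop_ring(struct list_data *ld)
{
    int would_free = 0;
    for (int i = 0; i < RX_LIST_CNT; i++) {
        if (ld->rx_list[i].mbuf != NULL) {
            would_free++;
            ld->rx_list[i].mbuf = NULL;
        }
    }
    return would_free;
}

/* The init path: stop runs before any mbuf has been attached to the ring. */
static int first_stop_after_alloc(int zero)
{
    struct list_data *ld = alloc_ring(zero);
    int n = (ld != NULL) ? stop_ring(ld) : -1;
    free(ld);
    return n;
}

int main(void)
{
    printf("slots reaching m_freem(): not zeroed=%d, zeroed=%d\n",
        first_stop_after_alloc(0), first_stop_after_alloc(1));
    return 0;
}
```

In the non-zeroed case every slot looks populated, so each stale value would be treated as an mbuf pointer; with zeroed memory the same loop is a no-op.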

