if_nge & if_lge drivers
John Baldwin
jhb at freebsd.org
Wed Oct 12 13:32:06 PDT 2005
On Friday 07 October 2005 04:06 am, Yuriy N. Shkandybin wrote:
> Hello.
>
> I saw John Baldwin commit to if_lge.c rev 1.43 and perform same changes for
> if_nge.c I've tested it and it works.
> Patch in attachment or available from
> http://www.netams.com/if_nge.c.patch
>
>
>
> Also i've noticed if_lge affected same problem i've met nge.
> In if_lgereg.h we have
> struct lge_list_data {
> struct lge_rx_desc lge_rx_list[LGE_RX_LIST_CNT];
> struct lge_tx_desc lge_tx_list[LGE_TX_LIST_CNT];
> };
>
> In if_lge.c
> 524: sc->lge_ldata = contigmalloc(sizeof(struct lge_list_data), M_DEVBUF,
> M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0);
>
> So lge_rx_list and lge_tx_list might be initialized with garbage in it.
>
> But in lge_stop() there is:
> /*
> * Free data in the RX lists.
> */
> for (i = 0; i < LGE_RX_LIST_CNT; i++) {
> if (sc->lge_ldata->lge_rx_list[i].lge_mbuf != NULL) {
> m_freem(sc->lge_ldata->lge_rx_list[i].lge_mbuf);
> sc->lge_ldata->lge_rx_list[i].lge_mbuf = NULL;
> }
> }
>
> And lge_stop() called from lge_init() (if_lge.c line 1242)
> So m_freem() called on garbage from lge_rx_list!
>
> I suggest to add M_ZERO to contigmalloc() flags for both if_nge.c and
> if_lge.c
Also, is there a reason you added a call to nge_reset() after nge_stop() in
nge_init()?
--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
More information about the freebsd-net
mailing list