From: Weongyo Jeong
Date: Thu, 26 Mar 2009 10:49:38 +0900
To: Hans Petter Selasky
Cc: Sam Leffler, freebsd-usb@freebsd.org, Andrew Thompson
Subject: Re: q: Memory modified after free in usb2

On Wed, Mar 25, 2009 at 10:46:54AM +0100, Hans Petter Selasky wrote:
> On Wednesday 25 March 2009, Weongyo Jeong wrote:
> > Hello Hans :),
> >
> > I think porting uath(4) to usb almost have done that it works well to
> > associate with AP and for WPA but I'm suffered from a strange panic after
> > detach as follows:
> >
> >   Memory modified after free 0xc4da3600(508) val=24000000 @ 0xc4da3600
> >   panic: Most recently used by USBdev
> >
> >   cpuid = 0
> >   KDB: enter: panic
> >   [thread pid 17 tid 100036 ]
> >   Stopped at kdb_enter+0x3a: movl $0,kdb_why
> >
> > The detach step is like as follows:
> >
> >   usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >   ...
> >   uath_free_rx_data_list(sc);
> >   uath_free_tx_data_list(sc);
> >   uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > that I've checked all memory leaks or calls after freeing memory but it
> > looks it's not a driver problem.
> >
> > To solve this problem I modified codes slightly like below:
> >
> >   usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >   usb2_pause_mtx(NULL, 5 * hz);
> >   ...
> >   uath_free_rx_data_list(sc);
> >   uath_free_tx_data_list(sc);
> >   uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > After adding it I couldn't see `Memory modified after free' messages
> > anymore. My question is that I can't understand why adding
> > usb2_pause_mtx() helps this symptom?
>
> Did you drain all the taskqueues before unsetup ?

Yes. All I used was two callouts that the driver currently doesn't use
usb2_proc_create() and tried to drain its before calling
usb2_transfer_unsetup() but it still encounters `Memory modified after free'.

regards,
Weongyo Jeong
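
Added example (not part of the original message and not FreeBSD's code): a simplified userland C model of a poison-on-free check, the kind of debug check that yields a report like the `Memory modified after free' line quoted above. The fill pattern, all function names and the stale-pointer writer are assumptions of this model and make no claim about where the uath(4) bug lies; the size 508 and the value 0x24000000 are taken from the quoted report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON    0xdeadc0deU  /* fill pattern assumed for this model */
#define BUF_WORDS 127          /* 127 * 4 = 508 bytes, as in the quoted report */

static uint32_t slab[BUF_WORDS];  /* one reusable buffer stands in for the allocator */

/* Free path: overwrite the whole buffer with the poison pattern. */
static void model_free(uint32_t *p) {
    for (size_t i = 0; i < BUF_WORDS; i++)
        p[i] = POISON;
}

/* Next-allocation path: verify the poison is intact.
 * Returns -1 if untouched, else the index of the first modified word. */
static int model_check(const uint32_t *p, uint32_t *val) {
    for (size_t i = 0; i < BUF_WORDS; i++)
        if (p[i] != POISON) { *val = p[i]; return (int)i; }
    return -1;
}

/* Hypothetical asynchronous user that still holds a pointer to the buffer. */
struct stale_user { uint32_t *buf; int pending; };

static void late_write(struct stale_user *u, uint32_t status) {
    if (u->pending) { u->buf[0] = status; u->pending = 0; }
}

/* The same single write either lands before the free (invisible to the
 * check) or after it (reported at the next allocation). */
int run_scenario(int write_before_free, uint32_t *val) {
    struct stale_user u = { slab, 1 };
    memset(slab, 0, sizeof(slab));
    if (write_before_free)
        late_write(&u, 0x24000000U);
    model_free(slab);
    late_write(&u, 0x24000000U);   /* no-op if the write already happened */
    return model_check(slab, val);
}

int main(void) {
    uint32_t v = 0;
    int idx = run_scenario(0, &v);
    printf("write after free:  index %d val=%08x\n", idx, (unsigned)v);
    v = 0;
    idx = run_scenario(1, &v);
    printf("write before free: index %d val=%08x\n", idx, (unsigned)v);
    return 0;
}
```

The check only sees writes that land between the free and the next allocation of the same buffer, so a change in timing can make the report disappear without removing the stale pointer.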