Date:      Wed, 15 Sep 2004 01:42:20 +0700
From:      Max Khon <fjoe@samodelkin.net>
To:        daichi <daichi@freebsd.org>
Cc:        freebsd-geom@FreeBSD.org
Subject:   Re: kern/71431: [panic fix] [patch] geom_uzip.ko caused panic
Message-ID:  <20040914184220.GB1075@samodelkin.net>
In-Reply-To: <20040914160245.7db7d1e0.daichi@freebsd.org>
References:  <200409090607.i89674F3039635@freefall.freebsd.org> <20040914160245.7db7d1e0.daichi@freebsd.org>

Hi!

On Tue, Sep 14, 2004 at 04:02:45PM +0900, daichi wrote:

> I think this problem depends on malloc/free confusion.
> In short, the following code is bad, I think.
> 
>  void * buf = malloc(size, M_GEOM, M_WAITOK);
>  free(buf, M_GEOM_UZIP);
> 
> In the for loop of g_uzip_taste, the malloced area gets freed
> with the M_GEOM_UZIP flag. But the area is malloced with the
> M_GEOM flag. I think this causes the problem.

Now I see the problem! Does this patch fix the problem for you?

Index: g_uzip.c
===================================================================
RCS file: /home/ncvs/src/sys/geom/uzip/g_uzip.c,v
retrieving revision 1.1.2.1
diff -u -p -r1.1.2.1 g_uzip.c
--- g_uzip.c	10 Sep 2004 07:00:38 -0000	1.1.2.1
+++ g_uzip.c	14 Sep 2004 18:19:36 -0000
@@ -424,7 +424,7 @@ g_uzip_taste(struct g_class *mp, struct 
 	for (blk = 1; offsets_read < total_offsets; blk++) {
 		uint32_t nread;
 
-		free(buf, M_GEOM_UZIP);
+		free(buf, M_GEOM);
 		buf = g_read_data(
 		    cp, blk * pp->sectorsize, pp->sectorsize, &error);
 		if (buf == NULL || error != 0)
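
Review bot: the malloc type passed to free() at the top of the loop now has to match whatever g_read_data() allocates with, and nothing in the hunk records that link. A short comment above `free(buf, M_GEOM);` stating that the buffer comes from g_read_data() would help keep M_GEOM_UZIP from creeping back in. Also confirm that the value buf holds on entry to the loop (set outside this hunk) is either NULL or an M_GEOM allocation, because the first iteration frees it before any read in the loop.
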
@@ -470,7 +470,7 @@ err:
 	g_topology_lock();
 	g_access(cp, -1, 0, 0);
 	if (buf != NULL)
-		free(buf, M_GEOM_UZIP);
+		free(buf, M_GEOM);
 	if (gp->softc != NULL) {
 		g_uzip_softc_free(gp->softc, NULL);
 		gp->softc = NULL;
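
Review bot: in the err path, `free(buf, M_GEOM);` is correct only if every jump to err leaves buf either NULL or pointing at a g_read_data() buffer. The rest of g_uzip_taste is not visible here, so check that no M_GEOM_UZIP allocation is ever stored in buf, and that the other free() calls in g_uzip.c do not have the same type mix-up, since the patch touches only these two sites. As a style point, this path keeps the `if (buf != NULL)` guard while the loop hunk calls free() on buf unguarded; one convention for both would read better.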

/fjoe


