From owner-freebsd-current@FreeBSD.ORG Mon Jul 28 12:52:08 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B58137B401 for ; Mon, 28 Jul 2003 12:52:08 -0700 (PDT) Received: from mail.cyberonic.com (mail.cyberonic.com [4.17.179.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F6AC43F75 for ; Mon, 28 Jul 2003 12:52:07 -0700 (PDT) (envelope-from jmg@hydrogen.funkthat.com) Received: from hydrogen.funkthat.com (node-40244c0a.sfo.onnet.us.uu.net [64.36.76.10]) by mail.cyberonic.com (8.12.8/8.12.5) with ESMTP id h6SKNn0n026424; Mon, 28 Jul 2003 16:23:50 -0400 Received: (from jmg@localhost) by hydrogen.funkthat.com (8.12.9/8.11.6) id h6SJq1Io006242; Mon, 28 Jul 2003 12:52:01 -0700 (PDT) (envelope-from jmg) Date: Mon, 28 Jul 2003 12:52:01 -0700 From: John-Mark Gurney To: Gary Jennejohn Message-ID: <20030728195201.GT10708@funkthat.com> Mail-Followup-To: Gary Jennejohn , Lukas Ertl , freebsd-current@freebsd.org, Mark Blackman References: <20030728010641.GQ10708@funkthat.com> <200307281058.h6SAwPWM009155@peedub.jennejohn.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200307281058.h6SAwPWM009155@peedub.jennejohn.org> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.2-RELEASE i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html cc: freebsd-current@freebsd.org cc: Mark Blackman cc: Lukas Ertl Subject: Re: device driver memory leak in 5.1-20030726? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: John-Mark Gurney List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2003 19:52:08 -0000 Gary Jennejohn wrote this message on Mon, Jul 28, 2003 at 12:58 +0200: > It appears to me that the test in usb_block_allocmem() should be > (p->tag->parent == tag || p->tag->parent == tag->parent) and NOT > p->tag == tag! That's because bus_dma_tag_create() uses the tag > passed into usb_block_allocmem() as newtag->parent! > > Unfortunately, bus_dma_tag is an opaque type and there's no way to > access the parent member anywhere but in the MD busdma_machdep.c :-( > > Anyway, as written there's no way that I can see that the code can > work correctly. You miss the code in the XXX bit that overrides the tag with the tag passed in. If we allocate a fullblock, the tag doesn't need to be overwriten since we end up freeing it, but in the fragment case, we override the tag, and we don't need to keep the tag allocated by usb_block_allocmem since we never end up freeing the block that is part of the fragments. The bug fixed in rev1.2 was because of a difference in how NetBSD/OpenBSD handles things. We wouldn't need this if we had a size parameter to bus_dmamem_alloc. Please reread the code and see what I mean. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."