Date:      Mon, 12 Feb 2001 04:30:02 -0800 (PST)
From:      Stas Kisel <stask@tiger.unisquad.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver
Message-ID:  <200102121230.f1CCU2o69916@freefall.freebsd.org>

The following reply was made to PR kern/24608; it has been noted by GNATS.

From: Stas Kisel <stask@tiger.unisquad.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc: myleal@spliceip.com.br
Subject: Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver
Date: Mon, 12 Feb 2001 14:23:37 +0200

 Hi.
 
 Using gdb a bit more, I've found that the crashes actually occur not on
 the lines it says:
 
     at ../../kern/uipc_mbuf2.c:270
     at ../../pci/if_rl.c:1314 (this one originally reported in this PR)
     at ../../kern/uipc_socket.c:558
     at ../../kern/uipc_mbuf.c:621
 
 but in MGET() and MGETHDR() preceding these lines, at sys/mbuf.h lines
 287 and 317. Commented assembly code proving that is at
 http://tiger.unisquad.com/~stask/rl/typescript.detailed.44-46
 BTW, there are other typescripts.
 
 MGET()/MGETHDR() deal with 0x5aXXXXXX and 0x5bXXXXXX instead of 0xc0XXXXXX
 (other valid mbufs are at 0xc0XXXXXX). I've added some logging to the
 kernel (m_mballoc()) to check which addresses are usually used in the kernel
 for mbufs. I'll report results.
 
 It looks like m_mballoc() puts a wrong value into mmbfree. Looking at it
 (kern/uipc_mbuf.c) I came to the conclusion that it is kern_malloc() returning
 a wrong value.
 It looks like I should stop here, because I am not familiar with the kernel
 and I don't understand kern_malloc()'s comment at all :(
 But I'll try to make a couple of guesses :) There are many restrictions on
 the use of kern_malloc(), and probably it may not be used here.
 Guess 1. kern_malloc() should work at splhigh, while MGET()/MGETHDR() use
          splimp.
 Guess 2. kern_malloc() should be only called from kern/kern_malloc.c.
 
 PS. When searching for a quick fix yesterday, I tried to use an old version
 of if_rl.c (from 4.1-RELEASE), but this didn't help, of course.
 
 \bye
 Stas
 
 