[Prism54-devel] SMC2802 report
Jean-Baptiste Note
jean-baptiste.note at wanadoo.fr
Wed Apr 13 08:55:09 UTC 2005
Hello Joerg,
Sorry for the late reply, i didn't notice the "how can I track this down
further" line :)
> Warning: kfree_skb passed an skb still on a list (from d5d10a20).
We have a double-free of an skb during module unload. Either in the
mgmt_rx or data_rx path.
First things first, let's try to know where : can you add a little
printk's in the function :
islpci_free_memory(islpci_private *priv) in islpci_dev.c, one before
/* clean up mgmt rx buffers */, one before /* clean up data rx buffers
*/, and one before /* Free the acces control list and the WPA list */ ?
something like printk(KERN_CRIT "freeing mgmt rx queue");
I hope this way we'll be able to tell in which queue the double-free
happens.
I've looked at the data rx code, and there may be a slight problem in
case free_memory isn't serialized against
islpci_eth_receive(islpci_private *priv) in islpci_eth.c.
In case the above states that the problem lies in the data_rx queue, can
you try to add, after the block :
index = priv->free_data_rx % ISL38XX_CB_RX_QSIZE;
size = le16_to_cpu(control_block->rx_data_low[index].size);
skb = priv->data_low_rx[index];
the following line :
priv->data_low_rx[index] = 0;
This way we clearly tell the islpci_free_memory that we have taken care
of the skb, and you don't need to free it any more. this would not be a
correct fix, it only narrows the (maybe non-existent) race window.
> Is there a patch or how I can track this down further?
Sorry for not providing a patch, i'm looking at a wannabe-softmac-tree,
that has quite diverged from the main branch....
Hope this helps,
JB
--
Jean-Baptiste Note
+33 (0)6 83 03 42 38
jean-baptiste.note at wanadoo.fr
More information about the Prism54-devel
mailing list