[Prism54-devel] SMC2835 report

Jean-Baptiste Note jean-baptiste.note at wanadoo.fr
Thu Mar 24 10:07:48 UTC 2005


Hello Joerg,

> Mar 24 09:58:45 keylargo kernel: Warning: kfree_skb passed an skb still on a list (from c722ba20).

This is a double-free of an skb. Alas, I haven't delved into the pci
code yet, but here is what I discovered while programming (well, this
may be obvious to you, but was not for me...). Maybe this sort of
problem happens here?

When a function returns 0, it means that whatever skb passed to it is
taken care of (in particular, the callee is responsible for freeing it).

When a function returns failure (<0), it means the caller still has the
responsibility of the skb.

So you have to make sure that in case you return error, you only free
resources you allocated yourself in the function, and _never_ the skb
you were passed.

Is this true, are there counterexamples?

> Mar 24 09:58:45 keylargo kernel: Call Trace:
> Mar 24 09:58:45 keylargo kernel:  [pg0+141323838/1069839360] islpci_free_memory+0x9e/0x140 [prism54]
> Mar 24 09:58:45 keylargo kernel:  [pg0+141325538/1069839360] prism54_remove+0x62/0xd0 [prism54]

Can you add a little debug in islpci_free_memory in islpci_dev.c to see
where the double free happens? (mgmt rx, data rx, in the wpa code?).

The allocation code seems fairly complex, and sorting out where it
happens will make things easier (for me at least).

JB

-- 
Jean-Baptiste Note
+33 (0)6 83 03 42 38
jean-baptiste.note at wanadoo.fr
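
The ownership convention described in the message above, as an added userspace example (not code from the prism54 driver or from the original post). `struct pkt`, `tx_buggy`, `tx_correct` and `send_and_count` are hypothetical names, and the packet counts frees instead of releasing memory so that the double free shows up as a number.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace stand-in for an skb: it counts frees instead of
 * releasing memory, so a double free is observable, not undefined. */
struct pkt { int frees; };
static void pkt_free(struct pkt *p) { p->frees++; }

/* Buggy callee (hypothetical): frees p and still returns failure. */
static int tx_buggy(struct pkt *p, int queue_full)
{
    char *scratch = malloc(64);   /* resource the callee allocated itself */
    if (!scratch)
        return -1;
    free(scratch);
    pkt_free(p);                  /* wrong when we go on to return < 0 */
    return queue_full ? -1 : 0;
}

/* Callee following the convention: on error it releases only its own
 * resources; on success it takes ownership of the packet. */
static int tx_correct(struct pkt *p, int queue_full)
{
    char *scratch = malloc(64);
    if (!scratch)
        return -1;
    free(scratch);
    if (queue_full)
        return -1;                /* caller still owns p */
    pkt_free(p);                  /* returning 0: callee consumed p */
    return 0;
}

/* Caller side of the convention: free the packet only when the callee
 * reports failure. Returns how many times the packet was freed. */
static int send_and_count(int (*tx)(struct pkt *, int), int queue_full)
{
    struct pkt p = { 0 };
    if (tx(&p, queue_full) < 0)
        pkt_free(&p);
    return p.frees;
}

int main(void)
{
    printf("correct, error path: %d free(s)\n", send_and_count(tx_correct, 1));
    printf("buggy, error path:   %d free(s)\n", send_and_count(tx_buggy, 1));
    return 0;
}
```

A free count of 2 on the error path is the situation the kfree_skb warning reports: both the callee and the caller released the same buffer.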

