Re: [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc)

[Jiri Slaby]

On 24.2.2009 14:58, Bob Copeland wrote:
> On Tue, Feb 24, 2009 at 01:08:03AM +0200, Nick Kossifidis wrote:
> > He does an extra check...
> >
> > 	/*
> > 	 * Given the use of a self-linked tail be very sure that the hw is
> > 	 * done with this descriptor; the hw may have done this descriptor
> > 	 * once and picked it up again...make sure the hw has moved on.
> > 	 */
> > 	if ((ands->ds_rxstatus1&AR_Done) == 0&&  OS_REG_READ(ah, AR_RXDP) == pa)
> > 		return HAL_EINPROGRESS;
>
> Sounds like we definitely need that.If the hw uses up all the dma buffers
> in one go, there's a good chance we can send the skb to mac80211 while
> the hardware is still using it.  I guess an easy way to test would be to
> set the max rx buffers to 3 or so and watch the fireworks.

I added a check for this in rx tasklet some time ago, because I hit it. 
So no fireworks really should happen ;).

And yes, we ought to use this much better test (I knew nothing about 
AR_RXDP reg) than mine.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/