dev_queue_xmit (skb, slave_dev, 1);
eql->stats->tx_packets++;
slave->bytes_queued += skb->len;
Referencing skb->len after dev_queue_xmit(...) in this case is invalid
because dev_queue_xmit frees the skb and then skb->len points to some random
location of memory which in most cases is what is necessary but in other
cases can be reused for something else and so slave->bytes_queued gets
updated with garbage. This makes eql stop queuing traffic to that slave for
a long time if slave->bytes_queued gets added with a very large number.
The fix seems simple - just reorder those operators:
slave->bytes_queued += skb->len;
dev_queue_xmit (skb, slave_dev, 1);
eql->stats->tx_packets++;
The second bug is more theoretical, I don't know whether it can really
happen and maybe even if it happens it's not that bad. Anyway look at line 392
slave_dev = eql_best_slave_dev (eql->queue);
slave = eql_best_slave (eql->queue);
Here eql->queue can change between those two operators, so slave_dev would
end up pointing to one device and slave to another.
A possible fix (untested):
slave = eql_best_slave (eql->queue);
slave_dev = slave->dev;
I hope these fixes are correct and will be included in the next
2.0.37pre
Regards, Rumen
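
The two orderings discussed in the mail above, as an added userspace model that is not part of the original message and not code from eql.c. All names (pkt, queue_xmit, best_slave, send_pkt, make_pkt) are hypothetical stand-ins, and the drop path for "no slave available" is an assumption.

```c
/* Added userspace model; every name here is hypothetical, not from eql.c. */
#include <stdlib.h>

struct pkt   { size_t len; };
struct dev   { unsigned long sent; };
struct slave { struct dev *dev; unsigned long bytes_queued; };
struct queue { struct slave *slaves; size_t n; unsigned long tx_packets, tx_dropped; };

/* Stand-in for dev_queue_xmit(): takes ownership of the packet and frees it. */
static void queue_xmit(struct pkt *p, struct dev *d)
{
    d->sent++;
    free(p);
}

/* Single lookup: the caller derives the device from the returned slave,
 * so slave and device can never refer to two different entries. */
static struct slave *best_slave(struct queue *q)
{
    struct slave *best = NULL;
    for (size_t i = 0; i < q->n; i++)
        if (q->slaves[i].dev &&
            (!best || q->slaves[i].bytes_queued < best->bytes_queued))
            best = &q->slaves[i];
    return best;
}

/* Returns the number of bytes accounted, or 0 if nothing was sent. */
static size_t send_pkt(struct queue *q, struct pkt *p)
{
    if (!p)
        return 0;
    struct slave *s = best_slave(q);
    if (!s) {                  /* assumed drop path: we still own p here */
        q->tx_dropped++;
        free(p);
        return 0;
    }
    size_t len = p->len;       /* read what is needed BEFORE the handoff */
    s->bytes_queued += len;
    queue_xmit(p, s->dev);     /* p must not be dereferenced after this */
    q->tx_packets++;
    return len;
}

static struct pkt *make_pkt(size_t len)
{
    struct pkt *p = malloc(sizeof *p);
    if (p) p->len = len;
    return p;
}
```

Building this with -fsanitize=address and moving the bytes_queued update below queue_xmit() reproduces the first bug as a heap-use-after-free report.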