em driver issues

EM1897 at aol.com EM1897 at aol.com
Fri Feb 4 11:06:41 PST 2005


In a message dated 2/3/05 8:17:10 PM Eastern Standard Time, 
dillon at xxxxxxxxxxxxxxxxxxxx writes:
:>    This sounds like a network stack/mbuf issue.  Could you please post 
:>    the backtrace of the panic ? 
:
:Ok, here is the summary of the backtrace:
:
:panic: Trying to free NULL pointer
:panic()
:free()
:m_clalloc()

>    Well, that was an easy fix.  I've committed a fix, please continue
>    to try to crash the box with packets!
>
>    The patch is enclosed

The patch didn't fix the problem. However with a bit of digging, it seems that
this particular crash can be stopped with:

                if (data == NULL) {
                        if (mcl)
                                free(mcl, M_MBUFCL);
                        break;
                }

However it seems that if mcl == NULL && how != MB_WAIT then there is
no point in trying to allocate data, so the routine should fail there. Also 
the
case where mcl == NULL, how != MB_WAIT tries to use the null mcl if
data is successfully allocated. I think that something like the 
following seems needed:

if (mcl == NULL){
   if (how != MB_WAIT)
      break;
   mbstat.m_wait++;
   mcl = malloc(sizeof(*mcl),M_MBUFCL, M_WAITOK|M_NULLOK|M_ZERO);
   if (mcl == NULL){
      break;
   }
}

hopefully this is clear.

EM





More information about the Users mailing list