Date:      Mon, 28 Jul 2003 12:52:01 -0700
From:      John-Mark Gurney <gurney_j@efn.org>
To:        Gary Jennejohn <garyj@jennejohn.org>
Cc:        Lukas Ertl <l.ertl@univie.ac.at>
Subject:   Re: device driver memory leak in 5.1-20030726?
Message-ID:  <20030728195201.GT10708@funkthat.com>
In-Reply-To: <200307281058.h6SAwPWM009155@peedub.jennejohn.org>
References:  <gurney_j@efn.org> <20030728010641.GQ10708@funkthat.com> <200307281058.h6SAwPWM009155@peedub.jennejohn.org>

Gary Jennejohn wrote this message on Mon, Jul 28, 2003 at 12:58 +0200:
> It appears to me that the test in usb_block_allocmem() should be
> (p->tag->parent == tag || p->tag->parent == tag->parent) and NOT
> p->tag == tag! That's because bus_dma_tag_create() uses the tag
> passed into usb_block_allocmem() as newtag->parent!
> 
> Unfortunately, bus_dma_tag is an opaque type and there's no way to
> access the parent member anywhere but in the MD busdma_machdep.c :-(
> 
> Anyway, as written there's no way that I can see that the code can
> work correctly.

You miss the code in the XXX bit that overrides the tag with the tag
passed in.  If we allocate a fullblock, the tag doesn't need to be
overwritten since we end up freeing it, but in the fragment case, we
override the tag, and we don't need to keep the tag allocated by
usb_block_allocmem since we never end up freeing the block that is
part of the fragments.

The bug fixed in rev1.2 was because of a difference in how NetBSD/OpenBSD
handles things.  We wouldn't need this if we had a size parameter to
bus_dmamem_alloc.

Please reread the code and see what I mean.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


