[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Potential re(4) / netbsd-4 / i386 problem?
On Fri, Jul 23, 2010 at 12:12:24PM +0200, Manuel Bouyer wrote:
> On Wed, Jul 21, 2010 at 02:06:11PM +0200, Brad du Plessis wrote:
> > I've managed to reproduce this now in netbsd-5 too (source is about
> > 3 months old, not sure if there have been any changes since):
> > re0: discarding oversize frame (len=9041)
> > re0: discarding oversize frame (len=16158)
> > panic: kernel diagnostic assertion "pcg->pcg_avail == 0" failed:
> > file "../../../../kern_subr_pool.c", line 2580
> > As I think I've said before, the actual crash point is different
> > every time but the panic is always preceded by the discarding
> > oversize frame. Sometimes the len in the oversize frame message
> > is len=-1.
> is it possible that the re device is writting past its buffer (via DMA) and
> overwriting random memory ?
Check for buffer overruns by reserving a "guard region" on each side of
a DMA buffer. Write guard bytes (0xdeadbeefdeadbeef or something) in
each guard region. Check whether any bytes in the guard region were
modified before you reclaim a DMA buffer.
If that doesn't detect any problems, consider reclaiming DMA buffers
lazily: don't reclaim a buffer immediately, put put it on a queue. When
the queue grows N buffers deep, reclaim the first buffer you put on
it. Maybe an errant DMA lands on the buffer it while it "rests" on the
queue? Check a buffer's guard regions before you reclaim it. Consider
comparing the whole buffer against a copy you make when you put it on
David Young OJC Technologies
dyoung%ojctech.com@localhost Urbana, IL * (217) 278-3933
Main Index |
Thread Index |