With open firmware being distributed by some distros, the problem of a duplicate skb returned to b43_dma_handle_txstatus() is being reported. (See Bug #538579 at [email protected].)
When this problem occurs, A BUG_ON() is encountered - the kernel panic yields little information. This patch turns that panic into a KERN_ERR message. The interface will not continue; however, reporting of the condition is better. Signed-off-by: Larry Finger <[email protected]> Cc: Stable <[email protected]> --- John, This change should be sent to 2.6.32. I have used a variation of it in private testing for the openfwwf project, and would have sent it up earlier if I had known that the open firmware was being distributed. Larry --- Index: wireless-testing/drivers/net/wireless/b43/dma.c =================================================================== --- wireless-testing.orig/drivers/net/wireless/b43/dma.c +++ wireless-testing/drivers/net/wireless/b43/dma.c @@ -1522,7 +1522,13 @@ void b43_dma_handle_txstatus(struct b43_ if (meta->is_last_fragment) { struct ieee80211_tx_info *info; - BUG_ON(!meta->skb); + if (meta->skb == (void *)0x0606060606060606) { + printk(KERN_ERR "b43: Duplicate free of skb\n"); + return; + } else if (!meta->skb) { + printk(KERN_ERR "b43: skb is NULL\n"); + return; + } info = IEEE80211_SKB_CB(meta->skb); @@ -1540,8 +1546,8 @@ void b43_dma_handle_txstatus(struct b43_ #endif /* DEBUG */ ieee80211_tx_status(dev->wl->hw, meta->skb); - /* skb is freed by ieee80211_tx_status() */ - meta->skb = NULL; + /* skb was freed by ieee80211_tx_status() - poison it */ + meta->skb = (void *)0x0606060606060606; } else { /* No need to call free_descriptor_buffer here, as * this is only the txhdr, which is not allocated. _______________________________________________ Bcm43xx-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
