>>>>> On Wed, 10 Mar 2004 08:22:26 -0800, David Brownell <[EMAIL PROTECTED]> said:
David.B> It won't add new BUG_ON calls (WARN at worst) I put them there mostly as assertions. What I'd really want there is a DEBUG_BUG_ON, which is more like assert() in user-land (i.e., production code would drop the checks). WARN_ON() would be fine, too. >> The current OHCI relies on the internals of the dma_pool() >> implementation. If the implementation changed to, say, modify >> the memory that is free or, heaven forbid, return the memory to >> the kernel, you'd get _extremely_ difficult to track down race >> conditions. David.B> It'd be good if you said _how_ you think it relies on such David.B> internals. I thought I did. Suppose somebody changed the dma_pool code such that it would overwrite freed memory with an 0xf00000000000000 pattern. If the HC can still hold a reference to a freed ED (it can without my patch), the HC could see this kind of ED: hw=(info=00000000 tailp=f0000000 headp=00000000 nextED=f0000000) If so, the HC would go ahead and try to interpret the memory at address 0 as a transfer descriptor. Depending on the memory contents, this could cause silent data corruption at an arbitrary address. >> - thus you might get a case where hwTailP is 0 but hwHeadP is >> non-zero, which would cause the HC to happily start dereferencing >> the descriptor David.B> If you assume a bug where the ED is freed but still in use, David.B> that's hardly the only thing that'd go wrong!! You can't David.B> use such a potential bug to prove something else is broken. You lost me here. All I'm saying is that the current code has a dangerous race that can corrupt memory, crash machines, or have all sorts of other wild side-effects. I never claimed this bug had anything todo with the BTC keyboard problem. --david ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel