Hello Jose,

I remember that you had a problem
with a use after free in stmmac_tx_clean().
I still don't think that it is related to
commit 05cf0d1bf4, however, when comparing
the stmmac driver to the amd-xgbe driver
I realized that:

xgbe_tx_poll() has both a smp_rmb() after fetching
cur_tx, and also a dma_rmb() after reading the own
bit, before reading any other descriptor fields.

stmmac_tx_clean() has neither a smp_rmb() nor a
dma_rmb().


Also
xgbe_dev_xmit() has a dma_wmb() _before_ setting
the own bit, and a smp_wmb() after setting the own
bit.

stmmac simply has a dma_wmb() _after_ setting the
own bit.


I assume you are using a SMP system.

If you can still reproduce your problem quite easily,
perhaps you could try to make stmmac look more like
xgbe in these regards, and see if that solves your
use after free crash in stmmac_tx_clean().


Kind regards,
Niklas
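
The ordering described in the message above, as an added userspace model built on C11 atomics; it is not part of the original message and is not code from the stmmac or amd-xgbe drivers. The ring layout and the names `model_xmit`, `model_device_complete` and `model_tx_clean` are hypothetical, the fences stand in for the kernel barriers named in the comments, and ring-full handling is left out.

```c
#include <stdatomic.h>
#include <stdint.h>

#define RING 8
#define OWN  0x80000000u   /* set: descriptor belongs to the device */

struct desc { uint32_t len; uint32_t status; _Atomic uint32_t ctrl; };

static struct desc ring[RING];
static _Atomic unsigned cur_tx;   /* next slot the transmit path fills */
static unsigned dirty_tx;         /* next slot the clean path reclaims */

/* Transmit path: publish the descriptor fields, then hand over ownership. */
static void model_xmit(uint32_t len)
{
    unsigned i = atomic_load_explicit(&cur_tx, memory_order_relaxed);
    struct desc *d = &ring[i % RING];

    d->len = len;
    d->status = 0;
    atomic_thread_fence(memory_order_release);   /* role of dma_wmb() before OWN */
    atomic_store_explicit(&d->ctrl, OWN, memory_order_relaxed);
    /* role of smp_wmb() after OWN: the clean path on another CPU must not
     * see the new cur_tx without also seeing the descriptor behind it */
    atomic_store_explicit(&cur_tx, i + 1, memory_order_release);
}

/* Stand-in for the device: write back status, then give the slot back. */
static void model_device_complete(unsigned i)
{
    struct desc *d = &ring[i % RING];

    d->status = 1;
    atomic_store_explicit(&d->ctrl, 0, memory_order_release);
}

/* Clean path: returns the number of bytes reclaimed in this pass. */
static uint32_t model_tx_clean(void)
{
    /* role of smp_rmb() after fetching cur_tx */
    unsigned end = atomic_load_explicit(&cur_tx, memory_order_acquire);
    uint32_t bytes = 0;

    while (dirty_tx != end) {
        struct desc *d = &ring[dirty_tx % RING];

        if (atomic_load_explicit(&d->ctrl, memory_order_relaxed) & OWN)
            break;                                 /* device still owns it */
        atomic_thread_fence(memory_order_acquire); /* role of dma_rmb() */
        bytes += d->len;      /* other fields are read only after the fence */
        dirty_tx++;
    }
    return bytes;
}
```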
