* Christopher Zimmermann <madro...@zakweb.de> [2009-10-24 14:04]: > In porting this SIS191 driver from freeBSD I'm stuck trying to fix a > kernel panic in pool_do_get: > > panic: pool_do_get(mbpl: free list modified > > trace: > panic() > pool_do_get() > pool_get() > m_gethdr() > > What I don't understand is in my driver m_gethdr(M_DONTWAIT, M_DATA) is > called. Therefore pool_get should only get pool_get(&mbpool, 0). > So what is my driver doing wrong to produce this crash??? > Could it be a hint that my driver is leaking memory?
no, the most likely cause is a use-after-free. a pool item that is on the free list (aka, was freed by calling pool_get on it) was modified. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
