Menu
▾
▴
[linuxsh-dev] slab poisoning
|
From: NIIBE Y. <gn...@ch...> - 2000-06-30 06:22:56
|
Stuart Menefy wrote: > A big of digging appears to show that an Ethernet frame is being written > into a slab of memory which is on the free list. I can't believe this > is a generic kernel/driver/mm problem, otherwise it would have been > fixed by now, but equally I can't see anything SuperH specific about this > either. > > Any ideas anyone? I think that there's a bug at stnic_block_input. Consider the case length is odd number. The variable length is incremented by one. The loop handles HALF (2-byte) at a time. This could be overflow the SKB buffer by one-byte. Just a one byte, but the field at skb->end is used for skb_datarefp macro. I guess this causes bad effect on resource calculation of SKB. -- |
