Thread (66 messages) 66 messages, 6 authors, 2009-07-14

Re: [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc)

From: Jiri Slaby <hidden>
Date: 2009-02-26 20:53:29
Also in: lkml 

On 26.2.2009 02:06, Bob Copeland wrote:
quoted hunk ↗ jump to hunk
--- a/drivers/net/wireless/ath5k/base.c
+++ b/drivers/net/wireless/ath5k/base.c
@@ -1140,12 +1140,14 @@ ath5k_rxbuf_setup(struct ath5k_softc *sc, struct ath5k_buf *bf)
  	struct ath5k_hw *ah = sc->ah;
  	struct sk_buff *skb = bf->skb;
  	struct ath5k_desc *ds;
+	dma_addr_t dma_addr;

  	if (!skb) {
-		skb = ath5k_rx_skb_alloc(sc,&bf->skbaddr);
+		skb = ath5k_rx_skb_alloc(sc,&dma_addr);
  		if (!skb)
  			return -ENOMEM;
  		bf->skb = skb;
+		bf->skbaddr = dma_addr;
Hmm, rather than the caller, ath5k_rx_skb_alloc is wrong here in my 
eyes. It shouldn't touch the second parameter unless it knows it won't 
fail anymore.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help