From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gerd Knorr Subject: Re: veth0 stuff in -unstable? Date: 14 Jul 2005 16:58:34 +0200 Message-ID: <87br55l9id.fsf@bytesex.org> References: <42CEC5A9.1060707@us.ibm.com> <87k6jtlb64.fsf@bytesex.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: In-Reply-To: <87k6jtlb64.fsf@bytesex.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Nate Carlson Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Gerd Knorr writes: > for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) > put_page(skb_shinfo(skb)->frags[i].page); > > ebx is the loop count and is zero, so it's the first time we enter the > loop. skb_shinfo(skb)->frags[0].page is loaded into edx. It is > 0xffffffff (-1?). Trying to dereference edx faults because it points > into xen's memory area ... > > So the question is why the heck the struct page pointer is -1 at this > point? Hmm, added a quick check to the most obvious place, that doesn't trigger though, so it must happen somewhere else ... Ideas anyone? Gerd Index: linux-2.6.12-work/drivers/xen/netback/netback.c =================================================================== --- linux-2.6.12-work.orig/drivers/xen/netback/netback.c 2005-07-14 16:41:22.000000000 +0200 +++ linux-2.6.12-work/drivers/xen/netback/netback.c 2005-07-14 16:43:18.000000000 +0200 @@ -626,6 +626,7 @@ static void net_tx_action(unsigned long /* Append the packet payload as a fragment. */ skb_shinfo(skb)->frags[0].page = virt_to_page(MMAP_VADDR(pending_idx)); + BUG_ON((void*)-1 == skb_shinfo(skb)->frags[0].page); skb_shinfo(skb)->frags[0].size = txreq.size - data_len; skb_shinfo(skb)->frags[0].page_offset = (txreq.addr + data_len) & ~PAGE_MASK;
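Review bot: the BUG_ON added after the frags[0].page assignment in net_tx_action only tests for the exact value (void*)-1 at the moment virt_to_page(MMAP_VADDR(pending_idx)) returns. It cannot catch the pointer being overwritten afterwards, or a frags[0] entry that is read without having been filled in on this path, which is consistent with the report that it does not trigger. As a debugging aid the same test would say more if placed just before the put_page loop quoted above, logging nr_frags and the page value before stopping. On style, kernel convention puts the variable on the left and a space in the cast: BUG_ON(skb_shinfo(skb)->frags[0].page == (void *)-1). If the check is meant to outlive a local debug build, a WARN_ON would report the condition without halting the kernel in the transmit path.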