* [9fans] wired loop in usbehci / isohsinit()
@ 2013-04-11 15:02 kernel panic
0 siblings, 0 replies; only message in thread
From: kernel panic @ 2013-04-11 15:02 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
this td->buffer[i] access makes no sense.
static void
isohsinit(Ep *ep, Isoio *iso)
{
int ival, p;
long left;
ulong frno, i, pa;
Itd *ltd, *td;
iso->hs = 1;
ival = 1;
if(ep->pollival > 8)
ival = ep->pollival/8;
left = 0;
ltd = nil;
frno = iso->td0frno;
for(i = 0; i < iso->nframes; i++){
td = itdalloc();
td->data = iso->data + i * 8 * iso->maxsize;
pa = PADDR(td->data) & ~0xFFF;
for(p = 0; p < 8; p++)
td->buffer[i] = pa + p * 0x1000; // <--------- HERE
td->buffer[0] = PADDR(iso->data) & ~0xFFF |
ep->nb << Itdepshift | ep->dev->nb << Itddevshift;
if(ep->mode == OREAD)
td->buffer[1] |= Itdin;
else
td->buffer[1] |= Itdout;
td->buffer[1] |= ep->maxpkt << Itdmaxpktshift;
td->buffer[2] |= ep->ntds << Itdntdsshift;
if(ep->mode == OREAD)
td->mdata = 8 * iso->maxsize;
else{
td->mdata = (ep->hz + left) * ep->pollival / 1000;
td->mdata *= ep->samplesz;
left = (ep->hz + left) * ep->pollival % 1000;
}
coherence();
iso->itdps[frno] = td;
coherence();
itdinit(iso, td);
if(ltd != nil)
ltd->next = td;
ltd = td;
frno = TRUNC(frno + ival, Nisoframes);
}
}
--
cinap
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-04-11 15:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-04-11 15:02 [9fans] wired loop in usbehci / isohsinit() kernel panic
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).