Index: sys/i386/i386/machdep.c =================================================================== RCS file: /home/ncvs/src/sys/i386/i386/machdep.c,v retrieving revision 1.385.2.10 diff -u -r1.385.2.10 machdep.c --- sys/i386/i386/machdep.c 2001/02/09 02:58:48 1.385.2.10 +++ sys/i386/i386/machdep.c 2001/02/28 02:05:26 @@ -392,6 +392,7 @@ bzero(mclrefcnt, mb_map_size / MCLBYTES); mb_map = kmem_suballoc(kmem_map, (vm_offset_t *)&mbutl, &maxaddr, mb_map_size); + mbtop_a = maxaddr; mb_map->system_map = 1; } Index: sys/kern/uipc_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v retrieving revision 1.51.2.3 diff -u -r1.51.2.3 uipc_mbuf.c --- sys/kern/uipc_mbuf.c 2000/08/25 23:23:32 1.51.2.3 +++ sys/kern/uipc_mbuf.c 2001/03/02 01:31:47 @@ -56,10 +56,12 @@ SYSINIT(mbuf, SI_SUB_MBUF, SI_ORDER_FIRST, mbinit, NULL) struct mbuf *mbutl; +vm_offset_t mbtop_a; char *mclrefcnt; struct mbstat mbstat; u_long mbtypes[MT_NTYPES]; struct mbuf *mmbfree; +struct mbuf *mmbfree2; union mcluster *mclfree; int max_linkhdr; int max_protohdr; @@ -107,7 +109,7 @@ { int s; - mmbfree = NULL; mclfree = NULL; + mmbfree2 = mmbfree = NULL; mclfree = NULL; mbstat.m_msize = MSIZE; mbstat.m_mclbytes = MCLBYTES; mbstat.m_minclsize = MINCLSIZE; @@ -186,6 +188,7 @@ mmbfree = (struct mbuf *)p; p += MSIZE; } + mmbfree2 = mmbfree; mbstat.m_mbufs += nmb; mbtypes[MT_FREE] += nmb; return (1); Index: sys/sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.44.2.8 diff -u -r1.44.2.8 mbuf.h --- sys/sys/mbuf.h 2001/02/04 14:49:59 1.44.2.8 +++ sys/sys/mbuf.h 2001/03/02 01:49:15 @@ -37,6 +37,8 @@ #ifndef _SYS_MBUF_H_ #define _SYS_MBUF_H_ +#include + /* * Mbufs are of a single size, MSIZE (machine/param.h), which * includes overhead. An mbuf may add a single "mbuf cluster" of size @@ -284,7 +286,11 @@ (void)m_mballoc(1, _mhow); \ _mm = mmbfree; \ if (_mm != NULL) { \ + KASSERT((_mm >= mbutl) && ((vm_offset_t)_mm <= \ + mbtop_a), \ + ("alloc: mmbfree out of range: %x", _mm)); \ mmbfree = _mm->m_next; \ + mmbfree2 = mmbfree; \ mbtypes[MT_FREE]--; \ _mm->m_type = _mtype; \ mbtypes[_mtype]++; \ @@ -314,7 +320,11 @@ (void)m_mballoc(1, _mhow); \ _mm = mmbfree; \ if (_mm != NULL) { \ + KASSERT((_mm >= mbutl) && ((vm_offset_t)_mm <= \ + mbtop_a), \ + ("alloc: mmbfree out of range: %x", _mm)); \ mmbfree = _mm->m_next; \ + mmbfree2 = mmbfree; \ mbtypes[MT_FREE]--; \ _mm->m_type = _mtype; \ mbtypes[_mtype]++; \ @@ -419,7 +429,11 @@ #define MFREE(m, n) MBUFLOCK( \ struct mbuf *_mm = (m); \ \ + KASSERT(((vm_offset_t)_mm >= (vm_offset_t)mbutl) && \ + ((vm_offset_t)_mm <= mbtop_a), ("Bogus free: %x", _mm)); \ KASSERT(_mm->m_type != MT_FREE, ("freeing free mbuf")); \ + snprintf((caddr_t)(_mm->m_pktdat + 50), 50, \ + "DBG: %s : %d", __FILE__, __LINE__); \ mbtypes[_mm->m_type]--; \ if (_mm->m_flags & M_EXT) \ MEXTFREE1(m); \ @@ -428,6 +442,7 @@ mbtypes[MT_FREE]++; \ _mm->m_next = mmbfree; \ mmbfree = _mm; \ + mmbfree2 = mmbfree; \ MMBWAKEUP(); \ ) @@ -546,9 +561,11 @@ extern u_long mbtypes[MT_NTYPES]; /* per-type mbuf allocations */ extern int mbuf_wait; /* mbuf sleep time */ extern struct mbuf *mbutl; /* virtual address of mclusters */ +extern vm_offset_t mbtop_a; /* virtual boundry address */ extern char *mclrefcnt; /* cluster reference counts */ extern union mcluster *mclfree; extern struct mbuf *mmbfree; +extern struct mbuf *mmbfree2; extern int nmbclusters; extern int nmbufs; extern int nsfbufs;