Hmm, I think I may have eyeballed the problem. When the server function (ds_device_write) returns something other than KERN_SUCCESS (zero) or MIG_NO_REPLY, then the message body will get destroyed by the kernel. What's happening is that we call vm_map_copyout, which consumes the ool stuff in the message body, and then later return an error, which makes the kernel try to free the already-consumed stuff.
In gnumach/linux/dev/glue/block.c, you'll see that device_write never returns an error code directly after it has used the copy object, it returns MIG_NO_REPLY after sending the reply explicitly. I think that's what we need to do for the error cases. _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
