How to handle when a device driver panics?

[tomaka]

Imagine the situation: a device driver allocates buffers in RAM, then configures a hardware device to write in these buffers, then the driver panics.
The hardware device might continue writing to the allocated buffers, meaning that it would be a bad idea to reclaim these buffers for something else.

A simple solution would be to leak these buffers forever, but a better one might exist.

[tomaka]

For PCI, this could probably be solved by writing the COMMAND register when a crash happens while a device was still locked, to deny the hardware device access to the memory.