Date: Sun, 14 Sep 2008 02:36:34 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 149730 for review Message-ID: <200809140236.m8E2aYK7015281@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=149730 Change 149730 by hselasky@hselasky_laptop001 on 2008/09/14 02:35:38 Fix some bugs, mostly NULL-pointer references. Affected files ... .. //depot/projects/usb/src/sys/dev/usb2/controller/ohci2_atmelarm.c#8 edit .. //depot/projects/usb/src/sys/dev/usb2/controller/usb2_controller.c#10 edit .. //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#29 edit .. //depot/projects/usb/src/sys/dev/usb2/include/usb2_ioctl.h#16 edit Differences ... ==== //depot/projects/usb/src/sys/dev/usb2/controller/ohci2_atmelarm.c#8 (text) ==== @@ -153,12 +153,13 @@ ohci_atmelarm_detach(device_t dev) { struct at91_ohci_softc *sc = device_get_softc(dev); + device_t bdev; int err; if (sc->sc_ohci.sc_bus.bdev) { - device_detach(sc->sc_ohci.sc_bus.bdev); - device_delete_child(dev, sc->sc_ohci.sc_bus.bdev); - sc->sc_ohci.sc_bus.bdev = NULL; + bdev = sc->sc_ohci.sc_bus.bdev; + device_detach(bdev); + device_delete_child(dev, bdev); } /* during module unload there are lots of children leftover */ device_delete_all_children(dev); ==== //depot/projects/usb/src/sys/dev/usb2/controller/usb2_controller.c#10 (text+ko) ==== @@ -221,10 +221,8 @@ dev = bus->bdev; /* clear the softc */ device_set_softc(dev, NULL); - /* clear bdev variable */ - bus->bdev = NULL; + mtx_unlock(&bus->mtx); - mtx_unlock(&bus->mtx); mtx_lock(&Giant); /* detach children first */ @@ -239,6 +237,8 @@ mtx_unlock(&Giant); mtx_lock(&bus->mtx); + /* clear bdev variable last */ + bus->bdev = NULL; return; } ==== //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#29 (text+ko) ==== @@ -271,7 +271,10 @@ (psrc->iface_index >= USB_IFACE_MAX)) { return (EINVAL); } - devloc = 0; + if (level == 1) + devloc = USB_BUS_MAX; /* use root-HUB to access bus */ + else + devloc = 0; switch (level) { case 3: devloc += psrc->iface_index * @@ -296,6 +299,10 @@ } switch (level) { case 3: + if (loc.iface == NULL) { + usb2_unref_device(&loc); + return (EINVAL); + } pdst = &loc.iface->perm; break; case 2: @@ -345,7 +352,10 @@ return (EINVAL); } retry: - devloc = 0; + if (level == 1) + devloc = USB_BUS_MAX; /* use root-HUB to access bus */ + else + devloc = 0; switch (level) { case 3: devloc += pdst->iface_index * @@ -370,6 +380,10 @@ } switch (level) { case 3: + if (loc.iface == NULL) { + usb2_unref_device(&loc); + return (EINVAL); + } psrc = &loc.iface->perm; break; case 2: @@ -495,16 +509,16 @@ mtx_lock(&usb2_ref_lock); ploc->bus = devclass_get_softc(usb2_devclass_ptr, ploc->bus_index); if (ploc->bus == NULL) { - DPRINTFN(2, "no bus\n"); + DPRINTFN(2, "no bus at %u\n", ploc->bus_index); goto error; } if (ploc->dev_index >= ploc->bus->devices_max) { - DPRINTFN(2, "invalid dev index\n"); + DPRINTFN(2, "invalid dev index, %u\n", ploc->dev_index); goto error; } ploc->udev = ploc->bus->devices[ploc->dev_index]; if (ploc->udev == NULL) { - DPRINTFN(2, "no device\n"); + DPRINTFN(2, "no device at %u\n", ploc->dev_index); goto error; } if (ploc->udev->refcount == USB_DEV_REF_MAX) { ==== //depot/projects/usb/src/sys/dev/usb2/include/usb2_ioctl.h#16 (text+ko) ==== @@ -241,10 +241,10 @@ #define USB_SET_BUS_PERM _IOW ('U', 129, struct usb2_dev_perm) #define USB_SET_DEVICE_PERM _IOW ('U', 130, struct usb2_dev_perm) #define USB_SET_IFACE_PERM _IOW ('U', 131, struct usb2_dev_perm) -#define USB_GET_ROOT_PERM _IOW ('U', 132, struct usb2_dev_perm) -#define USB_GET_BUS_PERM _IOW ('U', 133, struct usb2_dev_perm) -#define USB_GET_DEVICE_PERM _IOW ('U', 134, struct usb2_dev_perm) -#define USB_GET_IFACE_PERM _IOW ('U', 135, struct usb2_dev_perm) +#define USB_GET_ROOT_PERM _IOWR('U', 132, struct usb2_dev_perm) +#define USB_GET_BUS_PERM _IOWR('U', 133, struct usb2_dev_perm) +#define USB_GET_DEVICE_PERM _IOWR('U', 134, struct usb2_dev_perm) +#define USB_GET_IFACE_PERM _IOWR('U', 135, struct usb2_dev_perm) #define USB_SET_TX_FORCE_SHORT _IOW ('U', 136, int) #define USB_SET_TX_TIMEOUT _IOW ('U', 137, int) #define USB_GET_TX_FRAME_SIZE _IOR ('U', 138, int)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809140236.m8E2aYK7015281>