From owner-freebsd-usb@FreeBSD.ORG  Mon May  9 16:50:09 2005
Return-Path: <owner-freebsd-usb@FreeBSD.ORG>
Delivered-To: freebsd-usb@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3AD1716A501
	for <freebsd-usb@hub.freebsd.org>;
	Mon,  9 May 2005 16:50:09 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E34BC43D79
	for <freebsd-usb@hub.freebsd.org>;
	Mon,  9 May 2005 16:50:08 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j49Go8Yt049285
	for <freebsd-usb@freefall.freebsd.org>; Mon, 9 May 2005 16:50:08 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j49Go8Hl049269;
	Mon, 9 May 2005 16:50:08 GMT
	(envelope-from gnats)
Resent-Date: Mon, 9 May 2005 16:50:08 GMT
Resent-Message-Id: <200505091650.j49Go8Hl049269@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-usb@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, hselasky@c2i.net
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B4BAD16A4E9
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon,  9 May 2005 16:48:33 +0000 (GMT)
Received: from swip.net (mailfe09.swipnet.se [212.247.155.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0F8343D41
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon,  9 May 2005 16:48:32 +0000 (GMT)
	(envelope-from hselasky@c2i.net)
Received: from mp-217-230-116.daxnet.no ([193.217.230.116] verified)
	by mailfe09.swip.net (CommuniGate Pro SMTP 4.3c5)
	with ESMTP id 150625421 for FreeBSD-gnats-submit@freebsd.org;
	Mon, 09 May 2005 18:48:31 +0200
Message-Id: <200505091849.15420.hselasky@c2i.net>
Date: Mon, 9 May 2005 18:49:14 +0200
From: Hans Petter Selasky <hselasky@c2i.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: usb/80829: possible panic when loading USB-modules
X-BeenThere: freebsd-usb@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: hselasky@c2i.net
List-Id: FreeBSD support for USB <freebsd-usb.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-usb>
List-Post: <mailto:freebsd-usb@freebsd.org>
List-Help: <mailto:freebsd-usb-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2005 16:50:09 -0000


>Number:         80829
>Category:       usb
>Synopsis:       possible panic when loading USB-modules
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-usb
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 09 16:50:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     HPS
>Release:        FreeBSD 6.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD 6.0-CURRENT FreeBSD 6.0-CURRENT #45: Mon Mar 21 15:40:17 CET 
2005 root@:/usr/obj/usr/src/sys/custom i386

>Description:

There is a special mechanism where probe/attach can clear an entry in the 
array pointed to by "uaa->ifaces". The existing USB-driver allocates the 
"uaa" in memory, but the "uaa->ifaces" is still on the stack ! This is going 
to cause a panic for some devices when loaded as a module.

usbd_status
usbd_probe_and_attach(device_ptr_t parent, usbd_device_handle dev,
                      int port, int addr)

...
        usbd_interface_handle ifaces[256]; /* 256 is the absolute max */

...
  uaa.ifaces = ifaces;

>How-To-Repeat:

>Fix:

Allocate "ifaces" structure in memory, and make sure it gets freed, or revert 
everything back to stack, which is way simpler!
>Release-Note:
>Audit-Trail:
>Unformatted: