From owner-freebsd-usb@FreeBSD.ORG  Mon May  9 17:20:06 2005
Return-Path: <owner-freebsd-usb@FreeBSD.ORG>
Delivered-To: freebsd-usb@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A8D2D16A4E9
	for <freebsd-usb@hub.freebsd.org>;
	Mon,  9 May 2005 17:20:06 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 92A2443D80
	for <freebsd-usb@hub.freebsd.org>;
	Mon,  9 May 2005 17:20:06 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j49HK6Xn054196
	for <freebsd-usb@freefall.freebsd.org>; Mon, 9 May 2005 17:20:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j49HK6oh054195;
	Mon, 9 May 2005 17:20:06 GMT
	(envelope-from gnats)
Date: Mon, 9 May 2005 17:20:06 GMT
Message-Id: <200505091720.j49HK6oh054195@freefall.freebsd.org>
To: freebsd-usb@FreeBSD.org
From: Warner Losh <imp@bsdimp.com>
Subject: Re: usb/80829: possible panic when loading USB-modules
X-BeenThere: freebsd-usb@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Warner Losh <imp@bsdimp.com>
List-Id: FreeBSD support for USB <freebsd-usb.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-usb>
List-Post: <mailto:freebsd-usb@freebsd.org>
List-Help: <mailto:freebsd-usb-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2005 17:20:06 -0000

The following reply was made to PR usb/80829; it has been noted by GNATS.

From: Warner Losh <imp@bsdimp.com>
To: hselasky@c2i.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: usb/80829: possible panic when loading USB-modules
Date: Mon, 09 May 2005 11:01:53 -0600 (MDT)

 > There is a special mechanism where probe/attach can clear an entry in the 
 > array pointed to by "uaa->ifaces". The existing USB-driver allocates the 
 > "uaa" in memory, but the "uaa->ifaces" is still on the stack ! This is going 
 > to cause a panic for some devices when loaded as a module.
 > 
 > usbd_status
 > usbd_probe_and_attach(device_ptr_t parent, usbd_device_handle dev,
 >                       int port, int addr)
 > 
 > ...
 >         usbd_interface_handle ifaces[256]; /* 256 is the absolute max */
 > 
 > ...
 >   uaa.ifaces = ifaces;
 
 Good catch!
 
 > Allocate "ifaces" structure in memory, and make sure it gets freed, or revert 
 > everything back to stack, which is way simpler!
 
 Can't go back to the stack method.  It doesn't work.  Since we can
 retain devices past the function call to usbd_probe_and_attach, we
 can't rely on anything on the stack.  The problem here I believe is an
 oversight on my part when I did that code.
 
 Warner