Date:      Mon, 9 May 2005 17:20:06 GMT
From:      Warner Losh <imp@bsdimp.com>
To:        freebsd-usb@FreeBSD.org
Subject:   Re: usb/80829: possible panic when loading USB-modules
Message-ID:  <200505091720.j49HK6oh054195@freefall.freebsd.org>

The following reply was made to PR usb/80829; it has been noted by GNATS.

From: Warner Losh <imp@bsdimp.com>
To: hselasky@c2i.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: usb/80829: possible panic when loading USB-modules
Date: Mon, 09 May 2005 11:01:53 -0600 (MDT)

 > There is a special mechanism where probe/attach can clear an entry in the 
 > array pointed to by "uaa->ifaces". The existing USB-driver allocates the 
 > "uaa" in memory, but the "uaa->ifaces" is still on the stack! This is going 
 > to cause a panic for some devices when loaded as a module.
 > 
 > usbd_status
 > usbd_probe_and_attach(device_ptr_t parent, usbd_device_handle dev,
 >                       int port, int addr)
 > 
 > ...
 >         usbd_interface_handle ifaces[256]; /* 256 is the absolute max */
 > 
 > ...
 >   uaa.ifaces = ifaces;
 
 Good catch!
 
 > Allocate "ifaces" structure in memory, and make sure it gets freed, or revert 
 > everything back to stack, which is way simpler!
 
 Can't go back to the stack method.  It doesn't work.  Since we can
 retain devices past the function call to usbd_probe_and_attach, we
 can't rely on anything on the stack.  The problem here I believe is an
 oversight on my part when I did that code.
 
 Warner
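
The lifetime problem discussed above, shown as an added example (not code from this thread or from the FreeBSD source tree): the attach arguments own a heap copy of the interface array, so a slot can still be cleared after the probe routine has returned. The names attach_args, iface_handle and the attach_args_* helpers are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_IFACES 256        /* bound from the quoted ifaces[256] */
typedef void *iface_handle;   /* hypothetical stand-in for usbd_interface_handle */
/* Hypothetical stand-in for "uaa": slots that probe/attach may clear. */
struct attach_args { iface_handle *ifaces; int nifaces; };

/* Copy the caller's array to the heap so the args outlive the caller's stack frame. */
struct attach_args *attach_args_alloc(const iface_handle *src, int n)
{
    struct attach_args *uaa;
    if (src == NULL || n < 0 || n > MAX_IFACES) return NULL;
    if ((uaa = calloc(1, sizeof(*uaa))) == NULL) return NULL;
    uaa->ifaces = calloc(n ? (size_t)n : 1, sizeof(*uaa->ifaces));
    if (uaa->ifaces == NULL) { free(uaa); return NULL; }
    memcpy(uaa->ifaces, src, (size_t)n * sizeof(*src));
    uaa->nifaces = n;
    return uaa;
}

/* A driver claims interface i by clearing its slot, possibly long after probe returned. */
int attach_args_claim(struct attach_args *uaa, int i)
{
    if (uaa == NULL || i < 0 || i >= uaa->nifaces || uaa->ifaces[i] == NULL) return -1;
    uaa->ifaces[i] = NULL;
    return 0;
}

void attach_args_free(struct attach_args *uaa)   /* detach path: array goes with the args */
{
    if (uaa != NULL) { free(uaa->ifaces); free(uaa); }
}

/* Probe routine: the local array dies on return; the returned args do not point at it. */
struct attach_args *probe_and_attach(int n)
{
    static int fake_iface[MAX_IFACES];   /* constructed sample interfaces */
    iface_handle ifaces[MAX_IFACES];
    if (n < 0 || n > MAX_IFACES) return NULL;
    for (int i = 0; i < n; i++) ifaces[i] = &fake_iface[i];
    return attach_args_alloc(ifaces, n);
}

int main(void)
{
    struct attach_args *uaa = probe_and_attach(3);
    int rc = uaa ? attach_args_claim(uaa, 1) : -1;
    attach_args_free(uaa);
    return rc != 0;
}
```

Assigning the local array directly, as in the quoted "uaa.ifaces = ifaces;", would leave the retained args pointing at a dead stack frame once the probe routine returns.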


