From owner-freebsd-usb@FreeBSD.ORG Thu May 5 22:03:51 2005 Return-Path: Delivered-To: freebsd-usb@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8706A16A4CE for ; Thu, 5 May 2005 22:03:51 +0000 (GMT) Received: from harmony.village.org (rover.village.org [168.103.84.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 170B543DA9 for ; Thu, 5 May 2005 22:03:51 +0000 (GMT) (envelope-from imp@bsdimp.com) Received: from localhost (localhost.village.org [127.0.0.1]) by harmony.village.org (8.13.3/8.13.1) with ESMTP id j45M0tj6094338; Thu, 5 May 2005 16:00:55 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Thu, 05 May 2005 16:00:55 -0600 (MDT) Message-Id: <20050505.160055.78800132.imp@bsdimp.com> To: julian@elischer.org From: Warner Losh In-Reply-To: <427A9690.9080108@elischer.org> References: <427A8EF3.70003@elischer.org> <20050505.153302.71182158.imp@bsdimp.com> <427A9690.9080108@elischer.org> X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: usb@freebsd.org cc: usbcrash@oldach.net Subject: Re: recent USB MFCs cause panics X-BeenThere: freebsd-usb@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD support for USB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 22:03:51 -0000 From: Julian Elischer Subject: Re: recent USB MFCs cause panics Date: Thu, 05 May 2005 14:56:32 -0700 > > > Warner Losh wrote: > > >From: Julian Elischer > >Subject: Re: recent USB MFCs cause panics > >Date: Thu, 05 May 2005 14:24:03 -0700 > > > > > > > >>Julian Elischer wrote: > >> > >>try: > >> > >>in usb_port.h > >>comment out line 425 (as below) > >> > >>422 > >> 423 #define config_detach(dev, flag) \ > >> 424 do { \ > >> 425 /* device_detach(dev); */ \ > >> 426 free(device_get_ivars(dev), M_USB); \ > >> 427 device_delete_child(device_get_parent(dev), dev); \ > >> 428 } while (0); > >> 429 > >> > >> > > > >Commenting it out is lame... I fixed this in current in uhub.c as > >well as here... Since 'dev' is 0 here, I'm unsure that commenting it > >out will fix the problem because the next line frees it.... > > > > > > yes I noticed that.. > the next line doesn't free it, it frees the ivars > which I don't think is the same thing.. if dev is NULL, then freeing the ivars from dev will still result in a NULL pointer dereference... > the problem is that the 5.0 code does the device_delete_child() (as you > see above) > where 4.x did it in the device_detach() > so with this merge I get the worst of both worlds.. > > the answer is to make uhub.c not call it's bus_child_detached() method > (as 5.0 doesn't) > or to make it a null function, as it clears the subdev entry which > causes this problem. Yes. I think that's the more correct fix. Warner