Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 05 May 2005 15:06:37 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Warner Losh <imp@bsdimp.com>
Cc:        usbcrash@oldach.net
Subject:   Re: recent USB MFCs cause panics
Message-ID:  <427A98ED.1000704@elischer.org>
In-Reply-To: <20050505.160055.78800132.imp@bsdimp.com>
References:  <427A8EF3.70003@elischer.org> <20050505.153302.71182158.imp@bsdimp.com>	<427A9690.9080108@elischer.org> <20050505.160055.78800132.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help 



Warner Losh wrote:

>From: Julian Elischer <julian@elischer.org>
>Subject: Re: recent USB MFCs cause panics
>Date: Thu, 05 May 2005 14:56:32 -0700
>
>  
>
>>Warner Losh wrote:
>>
>>    
>>
>>>From: Julian Elischer <julian@elischer.org>
>>>Subject: Re: recent USB MFCs cause panics
>>>Date: Thu, 05 May 2005 14:24:03 -0700
>>>
>>> 
>>>
>>>      
>>>
>>>>Julian Elischer wrote:
>>>>
>>>>try:
>>>>
>>>>in usb_port.h
>>>>comment out line 425 (as below)
>>>>
>>>>422
>>>>   423 #define config_detach(dev, flag) \
>>>>   424         do { \
>>>>   425                 /* device_detach(dev); */ \
>>>>   426                 free(device_get_ivars(dev), M_USB); \
>>>>   427                 device_delete_child(device_get_parent(dev), dev); \
>>>>   428         } while (0);
>>>>   429
>>>>   
>>>>
>>>>        
>>>>
>>>Commenting it out is lame...  I fixed this in current in uhub.c as
>>>well as here...  Since 'dev' is 0 here, I'm unsure that commenting it
>>>out will fix the problem because the next line frees it....
>>> 
>>>
>>>      
>>>
>>yes I noticed that..
>>the next line doesn't free it, it frees the ivars
>>which I don't think is the same thing..
>>    
>>
>
>if dev is NULL, then freeing the ivars from dev will still result in a
>NULL pointer dereference...
>
>  
>
>>the problem is that the 5.0 code does the  device_delete_child() (as you 
>>see above)
>>where 4.x did it in the device_detach()
>>so with this merge I get the worst of both worlds..
>>
>>the answer is to make uhub.c not call it's bus_child_detached() method 
>>(as 5.0 doesn't)
>>or to make it a null function, as it clears the subdev entry which 
>>causes this problem.
>>    
>>
>
>Yes.  I think that's the more correct fix.
>  
>

Is there a reason tio not just remove the method entry?
will it default to a good default?   (i.e. not an error default?)
if not then I guess just stubbibg the method would work..

>Warner
>  
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?427A98ED.1000704>