Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Aug 1999 13:14:24 +0000 (GMT)
From:      Nick Hibma <n_hibma@skylink.it>
To:        Bill Paul <wpaul@FreeBSD.org>
Cc:        CVS Committers FreeBSD <cvs-committers@FreeBSD.org>, cvs-all@FreeBSD.org, Doug Rabson <dfr@FreeBSD.org>
Subject:   Re: cvs commit: src/sys/kern subr_bus.c
Message-ID:  <Pine.BSF.4.10.9908141313150.350-100000@heidi.plazza.it>
In-Reply-To: <199908140511.WAA70637@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Nasty one. I suggest the following patch as a follow up, I think this
is where the confusion came from:


RCS file: /home/ncvs/src/sys/kern/subr_bus.c,v
retrieving revision 1.36
diff -u -r1.36 subr_bus.c
--- subr_bus.c  1999/08/14 05:11:01     1.36
+++ subr_bus.c  1999/08/14 13:12:51
@@ -128,7 +128,7 @@
            desc->offset = m->offset;
            desc->method = m;
            m->refs++;
-           PDEBUG(("methods %p has the same name, %s, with offset %d",
+           PDEBUG(("method %p has the same name, %s, with offset %d",
                    (void *)m, desc->name, desc->offset));
            return;
        }
@@ -154,11 +154,11 @@
 static void
 unregister_method(struct device_op_desc *desc)
 {
-    struct method *m = desc->method;
-    m->refs--;
-    if (m->refs == 0) {
-       LIST_REMOVE(m, link);
-       free(m, M_DEVBUF);
+    desc->method->refs--;
+    if (desc->method->refs == 0) {
+       PDEBUG(("method %s, reached refcount 0", desc->name));
+       LIST_REMOVE(desc->method, link);
+       free(desc->method, M_DEVBUF);
        desc->method = 0;
     }
 }


Nick


On Fri, 13 Aug 1999, Bill Paul wrote:

> wpaul       1999/08/13 22:11:02 PDT
> 
>   Modified files:
>     sys/kern             subr_bus.c 
>   Log:
>   Grrrr. Fix a really lame bug that I tripped over while testing my miibus
>   stuff: unregister_methods() is horribly broken. The idea, if I'm not mistaken,
>   is that the refcount on a method is decremented, and only when it reaches
>   zero is the method freed. However desc->method is set to NULL unconditionally
>   regardless of the refcount, which means the method pointer is trashed the
>   first time the method is deallocated. The obvious detrimental effect is
>   that memory is leaked. The not so obvious effect is that when you call
>   unregister_method() the second time on the same method, you get a NULL
>   pointer dereference and a panic.
>   
>   Now I can successfully unload network device drivers and the miibus module
>   without crashing the system.
>   
>   *sigh*
>   
>   Revision  Changes    Path
>   1.36      +2 -2      src/sys/kern/subr_bus.c
> 
> 
> 

-- 
e-Mail: hibma@skylink.it



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9908141313150.350-100000>