usb/80829: possible panic when loading USB-modules
Hans Petter Selasky
hselasky at c2i.net
Mon May 9 09:50:09 PDT 2005
>Number: 80829
>Category: usb
>Synopsis: possible panic when loading USB-modules
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-usb
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 09 16:50:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: HPS
>Release: FreeBSD 6.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD 6.0-CURRENT FreeBSD 6.0-CURRENT #45: Mon Mar 21 15:40:17 CET
2005 root@:/usr/obj/usr/src/sys/custom i386
>Description:
There is a special mechanism where probe/attach can clear an entry in the
array pointed to by "uaa->ifaces". The existing USB-driver allocates the
"uaa" in memory, but the "uaa->ifaces" is still on the stack! This is going
to cause a panic for some devices when loaded as a module.

    usbd_status
    usbd_probe_and_attach(device_ptr_t parent, usbd_device_handle dev,
        int port, int addr)
    ...
        usbd_interface_handle ifaces[256]; /* 256 is the absolute max */
    ...
        uaa.ifaces = ifaces;

>How-To-Repeat:
>Fix:
Allocate "ifaces" structure in memory, and make sure it gets freed, or revert
everything back to stack, which is way simpler!
>Release-Note:
>Audit-Trail:
>Unformatted:
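
Added example, not part of the original report and not FreeBSD code: a user-space C sketch of the lifetime mismatch described above and of the first proposed fix (heap storage for the array, freed together with the structure). The names attach_args, iface_handle, args_copy_shallow, args_copy_deep, args_free_deep, claim_iface and claim_writes_caller_stack are hypothetical stand-ins; only the 256-entry bound comes from the report.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_IFACES 256            /* bound quoted in the report */
typedef void *iface_handle;       /* hypothetical stand-in for usbd_interface_handle */
struct attach_args {              /* hypothetical stand-in for "uaa" */
    iface_handle *ifaces;
    int nifaces;
};

/* Reported pattern: struct on the heap, ifaces still aliasing the caller's stack array. */
struct attach_args *args_copy_shallow(const struct attach_args *src) {
    struct attach_args *dst = malloc(sizeof(*dst));
    if (dst != NULL) *dst = *src;
    return dst;
}

/* First proposed fix: the array gets heap storage with the struct's lifetime. */
struct attach_args *args_copy_deep(const struct attach_args *src) {
    struct attach_args *dst;
    if (src->nifaces < 0 || src->nifaces > MAX_IFACES) return NULL;
    if ((dst = malloc(sizeof(*dst))) == NULL) return NULL;
    dst->ifaces = calloc(MAX_IFACES, sizeof(*dst->ifaces));
    if (dst->ifaces == NULL) { free(dst); return NULL; }
    memcpy(dst->ifaces, src->ifaces, (size_t)src->nifaces * sizeof(*dst->ifaces));
    dst->nifaces = src->nifaces;
    return dst;
}

/* "make sure it gets freed": one owner releases both allocations. */
void args_free_deep(struct attach_args *a) { if (a) { free(a->ifaces); free(a); } }

/* Stand-in for probe/attach clearing an entry it has claimed. */
void claim_iface(struct attach_args *a, int i) { if (i >= 0 && i < a->nifaces) a->ifaces[i] = NULL; }

/* Returns 1 if clearing an entry through the copy wrote to the caller's stack array
 * (checked while that array is still live), 0 if not, -1 on allocation failure. */
int claim_writes_caller_stack(int deep) {
    int dev; iface_handle ifaces[MAX_IFACES] = { &dev };   /* constructed sample entry */
    struct attach_args uaa = { ifaces, 1 };
    struct attach_args *c = deep ? args_copy_deep(&uaa) : args_copy_shallow(&uaa);
    if (c == NULL) return -1;
    claim_iface(c, 0);
    int wrote = (ifaces[0] == NULL);
    if (deep) args_free_deep(c); else free(c);
    return wrote;
}
```

With the shallow copy the write lands in the caller's frame, which is only valid until that function returns; the deep copy keeps the write inside storage owned by the heap structure.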