usb/80829: possible panic when loading USB-modules
Warner Losh
imp at bsdimp.com
Mon May 9 10:20:06 PDT 2005
The following reply was made to PR usb/80829; it has been noted by GNATS.
From: Warner Losh <imp at bsdimp.com>
To: hselasky at c2i.net
Cc: FreeBSD-gnats-submit at FreeBSD.ORG
Subject: Re: usb/80829: possible panic when loading USB-modules
Date: Mon, 09 May 2005 11:01:53 -0600 (MDT)
> There is a special mechanism where probe/attach can clear an entry in the
> array pointed to by "uaa->ifaces". The existing USB-driver allocates the
> "uaa" in memory, but the "uaa->ifaces" is still on the stack! This is going
> to cause a panic for some devices when loaded as a module.
>
> usbd_status
> usbd_probe_and_attach(device_ptr_t parent, usbd_device_handle dev,
> int port, int addr)
>
> ...
> usbd_interface_handle ifaces[256]; /* 256 is the absolute max */
>
> ...
> uaa.ifaces = ifaces;

Good catch!

> Allocate "ifaces" structure in memory, and make sure it gets freed, or revert
> everything back to stack, which is way simpler!

Can't go back to the stack method. It doesn't work. Since we can
retain devices past the function call to usbd_probe_and_attach, we
can't rely on anything on the stack. The problem here, I believe, is an
oversight on my part when I did that code.

Warner
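
The lifetime problem discussed in this thread, as an added example that is not part of the original messages or the FreeBSD source: one way to give the interface array the same lifetime as the attach arguments is to allocate both in a single block. The names attach_args, attach_args_alloc, attach_args_claim, probe_demo and demo_devs are hypothetical stand-ins, and the sample devices are constructed.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_IFACES 256   /* same bound as the quoted ifaces[256] */
typedef struct iface { int num; } *iface_handle;   /* hypothetical stand-in */

/* Hypothetical stand-in for the attach args: the array lives inside the block. */
struct attach_args {
    int          nifaces;
    iface_handle ifaces[];   /* flexible array member: one allocation, one lifetime */
};

/* Copy the caller's handle list into the heap block, so nothing retained
 * afterwards points into the caller's stack frame. */
struct attach_args *attach_args_alloc(const iface_handle *src, int n)
{
    struct attach_args *uaa;

    if (src == NULL || n < 0 || n > MAX_IFACES)
        return NULL;
    uaa = calloc(1, sizeof(*uaa) + (size_t)n * sizeof(uaa->ifaces[0]));
    if (uaa == NULL)
        return NULL;
    memcpy(uaa->ifaces, src, (size_t)n * sizeof(uaa->ifaces[0]));
    uaa->nifaces = n;
    return uaa;
}

/* A driver that claims interface i clears its slot, possibly after probe returned. */
int attach_args_claim(struct attach_args *uaa, int i)
{
    if (uaa == NULL || i < 0 || i >= uaa->nifaces || uaa->ifaces[i] == NULL)
        return -1;
    uaa->ifaces[i] = NULL;
    return 0;
}

static struct iface demo_devs[3] = { {0}, {1}, {2} };   /* constructed sample */
/* Probe path: the list is built on the stack, only the heap copy is retained. */
struct attach_args *probe_demo(void)
{
    iface_handle local[3] = { &demo_devs[0], &demo_devs[1], &demo_devs[2] };
    return attach_args_alloc(local, 3);
}
```

A single free(uaa) releases the arguments and the array together, so the array cannot be leaked or outlived separately.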