[patch] Fix panic after ohci/uhub cardbus device eject

Marcin Cieslak saper at SYSTEM.PL
Sun Mar 16 03:43:16 UTC 2008


>Submitter-Id:	current-users
>Originator:	Marcin Cieslak
>Confidential:	no 
>Synopsis:	[patch] Fix panic after ohci/uhub cardbus device eject
>Severity:	critical
>Priority:	high
>Category:	usb
>Class:		sw-bug
>Release:	FreeBSD 7.0-PRERELEASE amd64
>Environment:
System: FreeBSD radziecki.saper.info 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #9: Sat Jan 26 01:36:13 CET 2008 saper at radziecki.saper.info:/usr/obj/usr/src/sys/VAIO amd64

>Description:

When ejecting a Cardbus card implementing an OHCI interface, one may get

panic: ohci_rem_ed: ED not found

or 

ucom0: detached
(null): at uhub4 port 1 (addr 2) disconnected

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x400
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0661e84
stack pointer           = 0x28:0xd4d63b4c
frame pointer           = 0x28:0xd4d63b6c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 31 (cbb0 event thread)
[thread pid 31 tid 100027 ]
Stopped at kobj_delete+0x14:      movl    0x400(%eax),%ebx

when unplugging the device, as reported in this thread:

http://thread.gmane.org/gmane.os.freebsd.current/92196
http://thread.gmane.org/gmane.os.freebsd.current/92196/focus=100202



>How-To-Repeat:

Try removing Option GTMAX 7.2 3G UMTS modem device (also reported with HUAWEI
datacards).

>Fix:

First patch fixes the ohci_rem_ed panic, the next one fixes the kobj_delete
problem.

Index: ohci_pci.c
===================================================================
RCS file: /usr/home/ncvs/src/sys/dev/usb/ohci_pci.c,v
retrieving revision 1.50
diff -u -u -r1.50 ohci_pci.c
--- ohci_pci.c	21 Jun 2007 14:42:33 -0000	1.50
+++ ohci_pci.c	16 Mar 2008 01:33:07 -0000
@@ -348,6 +348,11 @@
 {
 	ohci_softc_t *sc = device_get_softc(self);
 
+	if (sc->sc_bus.bdev) {
+		device_delete_child(self, sc->sc_bus.bdev);
+		sc->sc_bus.bdev = NULL;
+	}
+
 	if (sc->sc_flags & OHCI_SCFLG_DONEINIT) {
 		ohci_detach(sc, 0);
 		sc->sc_flags &= ~OHCI_SCFLG_DONEINIT;
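Review bot: the relocated block at the top of the detach path ignores the return value of device_delete_child(self, sc->sc_bus.bdev) and clears sc->sc_bus.bdev unconditionally before falling through to ohci_detach(sc, 0). If deleting the child can fail, the controller is then torn down underneath a child that is still attached; consider checking the result and returning the error before continuing. Since the fix consists entirely of deleting the child ahead of ohci_detach(), a one-line comment saying that the order matters would keep the block from being moved back later.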
@@ -367,10 +372,6 @@
 			    err);
 		sc->ih = NULL;
 	}
-	if (sc->sc_bus.bdev) {
-		device_delete_child(self, sc->sc_bus.bdev);
-		sc->sc_bus.bdev = NULL;
-	}
 	if (sc->irq_res) {
 		bus_release_resource(self, SYS_RES_IRQ, 0, sc->irq_res);
 		sc->irq_res = NULL;
Index: usb_subr.c
===================================================================
RCS file: /usr/home/ncvs/src/sys/dev/usb/usb_subr.c,v
retrieving revision 1.95
diff -u -u -r1.95 usb_subr.c
--- usb_subr.c	30 Jun 2007 20:18:44 -0000	1.95
+++ usb_subr.c	16 Mar 2008 02:51:05 -0000
@@ -1379,8 +1379,6 @@
 			    device_get_ivars(dev->subdevs[i]);
 			device_detach(dev->subdevs[i]);
 			free(uaap, M_USB);
-			device_delete_child(device_get_parent(dev->subdevs[i]),
-			    dev->subdevs[i]);
 			dev->subdevs[i] = NULL;
 		}
 	}
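Review bot: with the device_delete_child() call removed, the loop still does free(uaap, M_USB) on the pointer obtained from device_get_ivars(dev->subdevs[i]) and then drops the only reference visible here with dev->subdevs[i] = NULL, so the child now outlives its ivars and keeps a pointer to freed memory. Either clear the ivars with device_set_ivars(dev->subdevs[i], NULL) before the free, or add a comment naming the caller that is now responsible for deleting the child. Please also state what deletes the child when a device is unplugged from a hub that itself stays attached, since nothing in this hunk does it any more.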