cvs commit: src/sys/sys firmware.h src/sys/kern subr_firmware.c

John Baldwin jhb at
Mon Jun 19 14:12:38 UTC 2006

On Friday 16 June 2006 20:47, Ian Dowse wrote:
> In message <200606161457.23420.jhb at>, John Baldwin writes:
> >But unloadentry() would never unload such a module because fp->file
> >is NULL.  unloadentry() would only call clearentry() and then 
> >linker_file_unload() on an explicitly loaded firmware module.
>  - driver calls firmware_get, firmware image loaded and fp->file set to non-NULL
>  - manually kldload some_module_that_depends_on_firmware_image
>  - driver calls firmware_put, unloadentry called and sets fp->file = NULL
> If at this point the entry was cleared then all future calls to
> firmware_get would fail even though the module is still available,
> referenced and loaded.
> I'm not saying that these cases are particularly important or that
> there aren't bugs in the current code; just that mixing up the
> layers doesn't help ;-)

In practice no modules depend on firmware modules. :)  I think we should
take the approach of not clearing fp->file in unloadentry() however.
That would result in correct behavior in every case I can think of (or as
close to correct as you can get).  In the above case the
linker_file_unload() would have fail leaving the firmware module around.
If you later kldunload'ed the other module, the firmware module would still
be around and if a driver did another firmware_get/put sequence then the
module would finally be unloaded on the second firmware_put().

However, that case will be much more rare than the current standalone
firmware modules which can get into a funk where they can never be
unloaded since the firmware(9) code would have leaked a reference
(since it cleared fp->file just assuming that linker_file_unload() will
work, but it might fail) and the user can't use kldunload to unload it
even though the firmware isn't in use.

John Baldwin <jhb at>  <><
"Power Users Use the Power to Serve"  =

More information about the cvs-src mailing list