kern/89362: Stale references to freed memory
hselasky at c2i.net
Mon Nov 21 12:20:19 GMT 2005
>Synopsis: Stale references to freed memory
>Arrival-Date: Mon Nov 21 12:20:17 GMT 2005
>Release: FreeBSD 7-current
FreeBSD 7-current i386
When one sets up an interrupt handler from the "probe" method of an ISA/PNP/PCI/USB ... device driver, the interrupt name becomes garbled when using "ps aux | grep irq". This is because the device system frees the pointer returned by "device_get_nameunit(dev)" between probe and attach. I suggest that one extend "device_t" with "char dev_nameunit" and use that instead of allocating memory.
In general, storing any pointers returned by "device_get_nameunit(dev)" in the "device_probe" method, for later use, will cause problems.
Set up an interrupt handler from the "probe" method of a device driver.
Store the "device_get_nameunit(dev)" pointer when in the "device_probe" method. Print it out after attach, when the pointer has been freed and allocated again.
Set up the interrupt handler from the "attach" method of a device driver. Make a copy of "device_get_nameunit(dev)" and not a reference.
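A userland C model of the lifetime described in the report, added here as an example (not code from the PR or from FreeBSD). The `model_*` names and the generation counter are assumptions standing in for the bus-owned name string; the driver keeps a copy of the bytes rather than the pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Userland model only: every model_* name is hypothetical, not newbus code. */
#define MODEL_NAME_LEN 32
struct model_dev {
    char *nameunit;   /* heap string owned by the bus layer */
    unsigned gen;     /* bumped every time nameunit is freed */
};
struct model_softc { char irq_name[MODEL_NAME_LEN]; };  /* driver-owned copy */

/* Bus layer (re)names the device; name == NULL just releases the string. */
static int model_set_name(struct model_dev *d, const char *name)
{
    free(d->nameunit);      /* any pointer handed out earlier is now stale */
    d->nameunit = NULL;
    d->gen++;
    if (name == NULL)
        return 0;
    size_t n = strlen(name) + 1;
    if ((d->nameunit = malloc(n)) == NULL)
        return -1;
    memcpy(d->nameunit, name, n);
    return 0;
}

/* Returns 1 if a reference saved in probe would be stale by attach time;
 * out receives the attach-time copy, read after the bus freed the name. */
static int model_run(char *out, size_t outlen)
{
    struct model_dev d = { NULL, 0 };
    struct model_softc sc;
    if (model_set_name(&d, "foo0") != 0)    /* name as seen during probe */
        return -1;
    unsigned probe_gen = d.gen;   /* stands in for a pointer saved in probe */
    if (model_set_name(&d, "foo0") != 0)    /* freed and allocated again */
        return -1;
    int stale = (probe_gen != d.gen);
    snprintf(sc.irq_name, sizeof(sc.irq_name), "%s", d.nameunit); /* attach: copy */
    model_set_name(&d, NULL);     /* model frees the name; the copy is unaffected */
    snprintf(out, outlen, "%s", sc.irq_name);
    return stale;
}

int main(void)
{
    char name[MODEL_NAME_LEN];
    int stale = model_run(name, sizeof(name));
    printf("probe-time reference stale: %d, copied name: %s\n", stale, name);
    return 0;
}
```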