authorhselasky <hselasky@FreeBSD.org>2016-11-07 08:36:06 +0000
committerhselasky <hselasky@FreeBSD.org>2016-11-07 08:36:06 +0000
commitea512fc24698cb90f6b4456e0a76fba1ca994e3a (patch)
tree54be7a70e07f49ecc9474f9c6f165a7812292e09 /sys/boot/kshim/bsd_kernel.c
parent7fa1d4ac3f1e9c0244c9fea96875bb5b6b0bc8ce (diff)
MFC r307518:
Fix device delete child function. When detaching device trees, parent devices must be detached prior to detaching their children. This is because parent devices can have pointers to the child devices in their softcs which are not invalidated by device_delete_child(). This can cause use-after-free issues and panic(). Device drivers implementing trees must ensure that their detach function detaches or deletes all their children before returning. While at it remove now redundant device_detach() calls before device_delete_child() and device_delete_children(), mostly in the USB controller drivers. Tested by: Jan Henrik Sylvester <me@janh.de> Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D8070
Diffstat (limited to 'sys/boot/kshim/bsd_kernel.c')
-rw-r--r--sys/boot/kshim/bsd_kernel.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/boot/kshim/bsd_kernel.c b/sys/boot/kshim/bsd_kernel.c
index 36a6d82..c94b755 100644
--- a/sys/boot/kshim/bsd_kernel.c
+++ b/sys/boot/kshim/bsd_kernel.c
@@ -817,8 +817,12 @@ device_delete_child(device_t dev, device_t child)
int error = 0;
device_t grandchild;
- /* remove children first */
+ /* detach parent before deleting children, if any */
+ error = device_detach(child);
+ if (error)
+ goto done;
+ /* remove children second */
while ((grandchild = TAILQ_FIRST(&child->dev_children))) {
error = device_delete_child(child, grandchild);
if (error) {
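Review bot: With `device_detach(child)` now running before the grandchild loop, a failure of `device_delete_child(child, grandchild)` leaves the function on its error path with `child` already detached but apparently still linked into the tree, possibly with remaining grandchildren; under the old order `child` was still attached at that point. The hunk does not show the `done:` label or the callers, so whether this half-torn-down state is safe is inferred rather than visible, but a caller that ignores the return value could go on using a detached device. At minimum I would document the new contract above the loop, e.g. `/* child is already detached here; on error it remains in the tree detached and must not be used by the caller */`. The body of device_delete_child() starts before and continues past this hunk.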
@@ -827,11 +831,6 @@ device_delete_child(device_t dev, device_t child)
}
}
- error = device_detach(child);
-
- if (error)
- goto done;
-
devclass_delete_device(child->dev_module, child);
if (dev != NULL) {