From ea512fc24698cb90f6b4456e0a76fba1ca994e3a Mon Sep 17 00:00:00 2001 From: hselasky Date: Mon, 7 Nov 2016 08:36:06 +0000 Subject: MFC r307518: Fix device delete child function. When detaching device trees parent devices must be detached prior to detaching its children. This is because parent devices can have pointers to the child devices in their softcs which are not invalidated by device_delete_child(). This can cause use after free issues and panic(). Device drivers implementing trees, must ensure its detach function detaches or deletes all its children before returning. While at it remove now redundant device_detach() calls before device_delete_child() and device_delete_children(), mostly in the USB controller drivers. Tested by: Jan Henrik Sylvester Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D8070 --- sys/dev/usb/controller/generic_ehci.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'sys/dev/usb/controller/generic_ehci.c') diff --git a/sys/dev/usb/controller/generic_ehci.c b/sys/dev/usb/controller/generic_ehci.c index fcae7dd..5335652 100644 --- a/sys/dev/usb/controller/generic_ehci.c +++ b/sys/dev/usb/controller/generic_ehci.c @@ -156,14 +156,8 @@ static int generic_ehci_detach(device_t self) { ehci_softc_t *sc = device_get_softc(self); - device_t bdev; int err; - if (sc->sc_bus.bdev) { - bdev = sc->sc_bus.bdev; - device_detach(bdev); - device_delete_child(self, bdev); - } /* during module unload there are lots of children leftover */ device_delete_children(self); -- cgit v1.1