[ros-diffs] [fireball] 47168: [USBDRIVER] - Implement deregistering HCD in a device manager. Now, the HCI which failed to initialize will be properly freed without calling NULL pointer or crashing with freed memory access. See issue #4813 for more details.

fireball at svn.reactos.org fireball at svn.reactos.org
Wed May 12 11:42:08 CEST 2010


Author: fireball
Date: Wed May 12 11:42:07 2010
New Revision: 47168

URL: http://svn.reactos.org/svn/reactos?rev=47168&view=rev
Log:
[USBDRIVER]
- Implement deregistering HCD in a device manager. Now, the HCI which failed to initialize will be properly freed without calling NULL pointer or crashing with freed memory access.
See issue #4813 for more details.

Modified:
    trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.h
    trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c?rev=47168&r1=47167&r2=47168&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c [iso-8859-1] Wed May 12 11:42:07 2010
@@ -1457,6 +1457,20 @@
     return dev_mgr->hcd_count - 1;
 }
 
+VOID
+dev_mgr_deregister_hcd(PUSB_DEV_MANAGER dev_mgr, UCHAR hcd_id)
+{
+    UCHAR i;
+
+    if (dev_mgr == NULL || hcd_id >= MAX_HCDS - 1)
+        return;
+
+    for (i = hcd_id; i < dev_mgr->hcd_count - 1; i++)
+        dev_mgr->hcd_array[i] = dev_mgr->hcd_array[i + 1];
+
+    dev_mgr->hcd_count--;
+}
+
 BOOLEAN
 dev_mgr_register_irp(PUSB_DEV_MANAGER dev_mgr, PIRP pirp, PURB purb)
 {
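Review bot: The guard in dev_mgr_deregister_hcd compares `hcd_id` with the constant `MAX_HCDS - 1` instead of the number of registered controllers, so an id that was never registered (or any id when `hcd_count` is already 0) still reaches `dev_mgr->hcd_count--`. In that case the copy loop is skipped, the count drops anyway, and the last registered HCD silently falls out of the manager; if `hcd_count` is an unsigned type, which is not visible here, a zero count would also wrap. I would bound by the live count, `if (dev_mgr == NULL || hcd_id >= dev_mgr->hcd_count) return;`, and, assuming the array holds PHCD pointers, clear the vacated slot after the decrement with `dev_mgr->hcd_array[dev_mgr->hcd_count] = NULL;` so no stale pointer stays behind. Compacting also moves every later HCD down one slot, while dev_mgr_register_hcd hands out `hcd_count - 1` as the id (context line at the top of the hunk), so any id cached by those controllers would presumably go stale after a removal.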

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.h?rev=47168&r1=47167&r2=47168&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.h [iso-8859-1] Wed May 12 11:42:07 2010
@@ -206,6 +206,12 @@
 dev_mgr_register_hcd(
 PUSB_DEV_MANAGER dev_mgr,
 PHCD hcd
+);
+
+VOID
+dev_mgr_deregister_hcd(
+PUSB_DEV_MANAGER dev_mgr,
+UCHAR hcd_id
 );
 
 NTSTATUS
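Review bot: The new declaration of dev_mgr_deregister_hcd carries no comment stating its contract, and the signature alone does not show it. I would add above it something like `/* Remove the HCD registered under hcd_id (the value returned by dev_mgr_register_hcd); later entries move down one slot. */`, and also state whether callers are expected to serialize against other users of the HCD array, which the patch does not show. The declaration that follows this one continues outside the hunk.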

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c?rev=47168&r1=47167&r2=47168&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] Wed May 12 11:42:07 2010
@@ -271,7 +271,7 @@
 
 BOOLEAN ehci_init_schedule(PEHCI_DEV ehci, PADAPTER_OBJECT padapter);
 
-BOOLEAN ehci_release(PDEVICE_OBJECT pdev);
+BOOLEAN ehci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
 
 static VOID ehci_stop(PEHCI_DEV ehci);
 
@@ -313,7 +313,7 @@
 
 PDEVICE_OBJECT ehci_create_device(PDRIVER_OBJECT drvr_obj, PUSB_DEV_MANAGER dev_mgr);
 
-BOOLEAN ehci_delete_device(PDEVICE_OBJECT pdev);
+BOOLEAN ehci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
 
 VOID ehci_get_capabilities(PEHCI_DEV ehci, PBYTE base);
 
@@ -3366,7 +3366,7 @@
 
     ehci = ehci_from_hcd(hcd);
     pdev_ext = ehci->pdev_ext;
-    return ehci_release(pdev_ext->pdev_obj);
+    return ehci_release(pdev_ext->pdev_obj, hcd->dev_mgr);
 }
 
 NTSTATUS
@@ -3565,7 +3565,7 @@
     if (pdev_ext->padapter == NULL)
     {
         //fatal error
-        ehci_delete_device(pdev);
+        ehci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -3584,7 +3584,7 @@
         DbgPrint("ehci_alloc(): error assign slot res, 0x%x\n", status);
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        ehci_delete_device(pdev);
+        ehci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -3619,7 +3619,7 @@
         DbgPrint("ehci_alloc(): error, can not translate bus address\n");
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        ehci_delete_device(pdev);
+        ehci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -3638,7 +3638,7 @@
         {
             release_adapter(pdev_ext->padapter);
             pdev_ext->padapter = NULL;
-            ehci_delete_device(pdev);
+            ehci_delete_device(pdev, dev_mgr);
             return NULL;
         }
     }
@@ -3663,7 +3663,7 @@
     {
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        ehci_delete_device(pdev);
+        ehci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -3692,7 +3692,7 @@
                            affinity, FALSE)     //No float save
         != STATUS_SUCCESS)
     {
-        ehci_release(pdev);
+        ehci_release(pdev, dev_mgr);
         return NULL;
     }
 
@@ -4017,7 +4017,7 @@
 }
 
 BOOLEAN
-ehci_delete_device(PDEVICE_OBJECT pdev)
+ehci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
 {
     STRING string;
     UNICODE_STRING symb_name;
@@ -4036,6 +4036,8 @@
     RtlAnsiStringToUnicodeString(&symb_name, &string, TRUE);
     IoDeleteSymbolicLink(&symb_name);
     RtlFreeUnicodeString(&symb_name);
+
+    dev_mgr_deregister_hcd(dev_mgr, pdev_ext->ehci->hcd_interf.hcd_get_id(&pdev_ext->ehci->hcd_interf));
 
     if (pdev_ext->res_list)
         ExFreePool(pdev_ext->res_list); //      not allocated by usb_alloc_mem
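Review bot: The added call in ehci_delete_device runs unconditionally, yet this function is also the cleanup for the earliest failure paths of ehci_alloc (the `padapter == NULL` "fatal error" branch in the @@ -3565 hunk), where the patch does not show that `pdev_ext->ehci` and `hcd_interf.hcd_get_id` are already set or that the controller was ever registered with the device manager. If it was not registered, the id returned is whatever the structure holds, and dev_mgr_deregister_hcd would remove some other controller's slot and decrement `hcd_count`; if the function pointer is still NULL, this is the NULL call the commit sets out to avoid. I would deregister only a controller known to be registered, for example with `if (dev_mgr != NULL && pdev_ext->ehci != NULL && pdev_ext->ehci->hcd_interf.hcd_get_id != NULL)` in front of the call, or better with a flag set when dev_mgr_register_hcd succeeds. The same applies to the identical call added to uhci_delete_device in the @@ -484 hunk of uhci.c; both function bodies start and end outside their hunks.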
@@ -4062,7 +4064,7 @@
 }
 
 BOOLEAN
-ehci_release(PDEVICE_OBJECT pdev)
+ehci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
 {
     PEHCI_DEVICE_EXTENSION pdev_ext;
     PEHCI_DEV ehci;
@@ -4095,7 +4097,7 @@
     release_adapter(pdev_ext->padapter);
     pdev_ext->padapter = NULL;
 
-    ehci_delete_device(pdev);
+    ehci_delete_device(pdev, dev_mgr);
 
     return FALSE;
 

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c?rev=47168&r1=47167&r2=47168&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c [iso-8859-1] Wed May 12 11:42:07 2010
@@ -102,7 +102,7 @@
 
 BOOLEAN uhci_init_schedule(PUHCI_DEV uhci, PADAPTER_OBJECT padapter);
 
-BOOLEAN uhci_release(PDEVICE_OBJECT pdev);
+BOOLEAN uhci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
 
 static VOID uhci_stop(PUHCI_DEV uhci);
 
@@ -465,7 +465,7 @@
 }
 
 BOOLEAN
-uhci_delete_device(PDEVICE_OBJECT pdev)
+uhci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
 {
     STRING string;
     UNICODE_STRING symb_name;
@@ -484,6 +484,8 @@
     RtlAnsiStringToUnicodeString(&symb_name, &string, TRUE);
     IoDeleteSymbolicLink(&symb_name);
     RtlFreeUnicodeString(&symb_name);
+
+    dev_mgr_deregister_hcd(dev_mgr, pdev_ext->uhci->hcd_interf.hcd_get_id(&pdev_ext->uhci->hcd_interf));
 
     if (pdev_ext->res_list)
         ExFreePool(pdev_ext->res_list); //      not allocated by usb_alloc_mem
@@ -723,7 +725,7 @@
     if (pdev_ext->padapter == NULL)
     {
         //fatal error
-        uhci_delete_device(pdev);
+        uhci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -742,7 +744,7 @@
         DbgPrint("uhci_alloc(): error assign slot res, 0x%x\n", status);
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        uhci_delete_device(pdev);
+        uhci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -772,7 +774,7 @@
         DbgPrint("uhci_alloc(): error, can not translate bus address\n");
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        uhci_delete_device(pdev);
+        uhci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -791,7 +793,7 @@
         {
             release_adapter(pdev_ext->padapter);
             pdev_ext->padapter = NULL;
-            uhci_delete_device(pdev);
+            uhci_delete_device(pdev, dev_mgr);
             return NULL;
         }
     }
@@ -810,7 +812,7 @@
     {
         release_adapter(pdev_ext->padapter);
         pdev_ext->padapter = NULL;
-        uhci_delete_device(pdev);
+        uhci_delete_device(pdev, dev_mgr);
         return NULL;
     }
 
@@ -848,7 +850,7 @@
                            FALSE)     //No float save
         != STATUS_SUCCESS)
     {
-        uhci_release(pdev);
+        uhci_release(pdev, dev_mgr);
         return NULL;
     }
 
@@ -856,7 +858,7 @@
 }
 
 BOOLEAN
-uhci_release(PDEVICE_OBJECT pdev)
+uhci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
 {
     PDEVICE_EXTENSION pdev_ext;
     PUHCI_DEV uhci;
@@ -892,7 +894,7 @@
     release_adapter(pdev_ext->padapter);
     pdev_ext->padapter = NULL;
 
-    uhci_delete_device(pdev);
+    uhci_delete_device(pdev, dev_mgr);
 
     return FALSE;
 
@@ -3671,7 +3673,7 @@
     uhci = uhci_from_hcd(hcd);
     pdev_ext = uhci->pdev_ext;
 
-    return uhci_release(pdev_ext->pdev_obj);
+    return uhci_release(pdev_ext->pdev_obj, hcd->dev_mgr);
 }
 
 NTSTATUS



