mirror of
https://github.com/reactos/reactos.git
synced 2025-06-10 04:14:53 +00:00
[USBDRIVER]
- Implement deregistering HCD in a device manager. Now, the HCI which failed to initialize will be properly freed without calling NULL pointer or crashing with freed memory access. See issue #4813 for more details. svn path=/trunk/; revision=47168
This commit is contained in:
Aleksey Bragin
parent
e4dec4c4cb
commit
cdf0478255
4 changed files with 47 additions and 23 deletions
|
|
@ -1457,6 +1457,20 @@ dev_mgr_register_hcd(PUSB_DEV_MANAGER dev_mgr, PHCD hcd)
|
||||||
return dev_mgr->hcd_count - 1;
|
return dev_mgr->hcd_count - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
VOID
|
||||||
|
dev_mgr_deregister_hcd(PUSB_DEV_MANAGER dev_mgr, UCHAR hcd_id)
|
||||||
|
{
|
||||||
|
UCHAR i;
|
||||||
|
|
||||||
|
if (dev_mgr == NULL || hcd_id >= MAX_HCDS - 1)
|
||||||
|
return;
|
||||||
|
|
||||||
|
for (i = hcd_id; i < dev_mgr->hcd_count - 1; i++)
|
||||||
|
dev_mgr->hcd_array[i] = dev_mgr->hcd_array[i + 1];
|
||||||
|
|
||||||
|
dev_mgr->hcd_count--;
|
||||||
|
}
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
dev_mgr_register_irp(PUSB_DEV_MANAGER dev_mgr, PIRP pirp, PURB purb)
|
dev_mgr_register_irp(PUSB_DEV_MANAGER dev_mgr, PIRP pirp, PURB purb)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -208,6 +208,12 @@ PUSB_DEV_MANAGER dev_mgr,
|
||||||
PHCD hcd
|
PHCD hcd
|
||||||
);
|
);
|
||||||
|
|
||||||
|
VOID
|
||||||
|
dev_mgr_deregister_hcd(
|
||||||
|
PUSB_DEV_MANAGER dev_mgr,
|
||||||
|
UCHAR hcd_id
|
||||||
|
);
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
dev_mgr_dispatch(
|
dev_mgr_dispatch(
|
||||||
IN PUSB_DEV_MANAGER dev_mgr,
|
IN PUSB_DEV_MANAGER dev_mgr,
|
||||||
|
|
|
||||||
|
|
@ -271,7 +271,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
|
|
||||||
BOOLEAN ehci_init_schedule(PEHCI_DEV ehci, PADAPTER_OBJECT padapter);
|
BOOLEAN ehci_init_schedule(PEHCI_DEV ehci, PADAPTER_OBJECT padapter);
|
||||||
|
|
||||||
BOOLEAN ehci_release(PDEVICE_OBJECT pdev);
|
BOOLEAN ehci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
|
||||||
|
|
||||||
static VOID ehci_stop(PEHCI_DEV ehci);
|
static VOID ehci_stop(PEHCI_DEV ehci);
|
||||||
|
|
||||||
|
|
@ -313,7 +313,7 @@ PDEVICE_OBJECT ehci_probe(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, PUS
|
||||||
|
|
||||||
PDEVICE_OBJECT ehci_create_device(PDRIVER_OBJECT drvr_obj, PUSB_DEV_MANAGER dev_mgr);
|
PDEVICE_OBJECT ehci_create_device(PDRIVER_OBJECT drvr_obj, PUSB_DEV_MANAGER dev_mgr);
|
||||||
|
|
||||||
BOOLEAN ehci_delete_device(PDEVICE_OBJECT pdev);
|
BOOLEAN ehci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
|
||||||
|
|
||||||
VOID ehci_get_capabilities(PEHCI_DEV ehci, PBYTE base);
|
VOID ehci_get_capabilities(PEHCI_DEV ehci, PBYTE base);
|
||||||
|
|
||||||
|
|
@ -3366,7 +3366,7 @@ ehci_hcd_release(PHCD hcd)
|
||||||
|
|
||||||
ehci = ehci_from_hcd(hcd);
|
ehci = ehci_from_hcd(hcd);
|
||||||
pdev_ext = ehci->pdev_ext;
|
pdev_ext = ehci->pdev_ext;
|
||||||
return ehci_release(pdev_ext->pdev_obj);
|
return ehci_release(pdev_ext->pdev_obj, hcd->dev_mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
|
@ -3565,7 +3565,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
if (pdev_ext->padapter == NULL)
|
if (pdev_ext->padapter == NULL)
|
||||||
{
|
{
|
||||||
//fatal error
|
//fatal error
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3584,7 +3584,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
DbgPrint("ehci_alloc(): error assign slot res, 0x%x\n", status);
|
DbgPrint("ehci_alloc(): error assign slot res, 0x%x\n", status);
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3619,7 +3619,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
DbgPrint("ehci_alloc(): error, can not translate bus address\n");
|
DbgPrint("ehci_alloc(): error, can not translate bus address\n");
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3638,7 +3638,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
{
|
{
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -3663,7 +3663,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
{
|
{
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3692,7 +3692,7 @@ ehci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
affinity, FALSE) //No float save
|
affinity, FALSE) //No float save
|
||||||
!= STATUS_SUCCESS)
|
!= STATUS_SUCCESS)
|
||||||
{
|
{
|
||||||
ehci_release(pdev);
|
ehci_release(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -4017,7 +4017,7 @@ ehci_get_capabilities(PEHCI_DEV ehci, PBYTE base)
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
ehci_delete_device(PDEVICE_OBJECT pdev)
|
ehci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
|
||||||
{
|
{
|
||||||
STRING string;
|
STRING string;
|
||||||
UNICODE_STRING symb_name;
|
UNICODE_STRING symb_name;
|
||||||
|
|
@ -4037,6 +4037,8 @@ ehci_delete_device(PDEVICE_OBJECT pdev)
|
||||||
IoDeleteSymbolicLink(&symb_name);
|
IoDeleteSymbolicLink(&symb_name);
|
||||||
RtlFreeUnicodeString(&symb_name);
|
RtlFreeUnicodeString(&symb_name);
|
||||||
|
|
||||||
|
dev_mgr_deregister_hcd(dev_mgr, pdev_ext->ehci->hcd_interf.hcd_get_id(&pdev_ext->ehci->hcd_interf));
|
||||||
|
|
||||||
if (pdev_ext->res_list)
|
if (pdev_ext->res_list)
|
||||||
ExFreePool(pdev_ext->res_list); // not allocated by usb_alloc_mem
|
ExFreePool(pdev_ext->res_list); // not allocated by usb_alloc_mem
|
||||||
|
|
||||||
|
|
@ -4062,7 +4064,7 @@ ehci_stop(PEHCI_DEV ehci)
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
ehci_release(PDEVICE_OBJECT pdev)
|
ehci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
|
||||||
{
|
{
|
||||||
PEHCI_DEVICE_EXTENSION pdev_ext;
|
PEHCI_DEVICE_EXTENSION pdev_ext;
|
||||||
PEHCI_DEV ehci;
|
PEHCI_DEV ehci;
|
||||||
|
|
@ -4095,7 +4097,7 @@ ehci_release(PDEVICE_OBJECT pdev)
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
|
|
||||||
ehci_delete_device(pdev);
|
ehci_delete_device(pdev, dev_mgr);
|
||||||
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
|
|
||||||
BOOLEAN uhci_init_schedule(PUHCI_DEV uhci, PADAPTER_OBJECT padapter);
|
BOOLEAN uhci_init_schedule(PUHCI_DEV uhci, PADAPTER_OBJECT padapter);
|
||||||
|
|
||||||
BOOLEAN uhci_release(PDEVICE_OBJECT pdev);
|
BOOLEAN uhci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr);
|
||||||
|
|
||||||
static VOID uhci_stop(PUHCI_DEV uhci);
|
static VOID uhci_stop(PUHCI_DEV uhci);
|
||||||
|
|
||||||
|
|
@ -465,7 +465,7 @@ uhci_create_device(PDRIVER_OBJECT drvr_obj, PUSB_DEV_MANAGER dev_mgr)
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
uhci_delete_device(PDEVICE_OBJECT pdev)
|
uhci_delete_device(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
|
||||||
{
|
{
|
||||||
STRING string;
|
STRING string;
|
||||||
UNICODE_STRING symb_name;
|
UNICODE_STRING symb_name;
|
||||||
|
|
@ -485,6 +485,8 @@ uhci_delete_device(PDEVICE_OBJECT pdev)
|
||||||
IoDeleteSymbolicLink(&symb_name);
|
IoDeleteSymbolicLink(&symb_name);
|
||||||
RtlFreeUnicodeString(&symb_name);
|
RtlFreeUnicodeString(&symb_name);
|
||||||
|
|
||||||
|
dev_mgr_deregister_hcd(dev_mgr, pdev_ext->uhci->hcd_interf.hcd_get_id(&pdev_ext->uhci->hcd_interf));
|
||||||
|
|
||||||
if (pdev_ext->res_list)
|
if (pdev_ext->res_list)
|
||||||
ExFreePool(pdev_ext->res_list); // not allocated by usb_alloc_mem
|
ExFreePool(pdev_ext->res_list); // not allocated by usb_alloc_mem
|
||||||
|
|
||||||
|
|
@ -723,7 +725,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
if (pdev_ext->padapter == NULL)
|
if (pdev_ext->padapter == NULL)
|
||||||
{
|
{
|
||||||
//fatal error
|
//fatal error
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -742,7 +744,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
DbgPrint("uhci_alloc(): error assign slot res, 0x%x\n", status);
|
DbgPrint("uhci_alloc(): error assign slot res, 0x%x\n", status);
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -772,7 +774,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
DbgPrint("uhci_alloc(): error, can not translate bus address\n");
|
DbgPrint("uhci_alloc(): error, can not translate bus address\n");
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -791,7 +793,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
{
|
{
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -810,7 +812,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
{
|
{
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -848,7 +850,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
FALSE) //No float save
|
FALSE) //No float save
|
||||||
!= STATUS_SUCCESS)
|
!= STATUS_SUCCESS)
|
||||||
{
|
{
|
||||||
uhci_release(pdev);
|
uhci_release(pdev, dev_mgr);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -856,7 +858,7 @@ uhci_alloc(PDRIVER_OBJECT drvr_obj, PUNICODE_STRING reg_path, ULONG bus_addr, PU
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
uhci_release(PDEVICE_OBJECT pdev)
|
uhci_release(PDEVICE_OBJECT pdev, PUSB_DEV_MANAGER dev_mgr)
|
||||||
{
|
{
|
||||||
PDEVICE_EXTENSION pdev_ext;
|
PDEVICE_EXTENSION pdev_ext;
|
||||||
PUHCI_DEV uhci;
|
PUHCI_DEV uhci;
|
||||||
|
|
@ -892,7 +894,7 @@ uhci_release(PDEVICE_OBJECT pdev)
|
||||||
release_adapter(pdev_ext->padapter);
|
release_adapter(pdev_ext->padapter);
|
||||||
pdev_ext->padapter = NULL;
|
pdev_ext->padapter = NULL;
|
||||||
|
|
||||||
uhci_delete_device(pdev);
|
uhci_delete_device(pdev, dev_mgr);
|
||||||
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
|
@ -3671,7 +3673,7 @@ uhci_hcd_release(struct _HCD * hcd)
|
||||||
uhci = uhci_from_hcd(hcd);
|
uhci = uhci_from_hcd(hcd);
|
||||||
pdev_ext = uhci->pdev_ext;
|
pdev_ext = uhci->pdev_ext;
|
||||||
|
|
||||||
return uhci_release(pdev_ext->pdev_obj);
|
return uhci_release(pdev_ext->pdev_obj, hcd->dev_mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue