kern/163268: [acpi_hp] fix driver detach in absence of CMI

Tue, 13 Dec 2011 15:50:27 -0800 

>Number:         163268
>Category:       kern
>Synopsis:       [acpi_hp] fix driver detach in absence of CMI
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 13 23:50:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Yuri Pankov
>Release:        FreeBSD 9.0-RC3 amd64
>Organization:
>Environment:
System: FreeBSD procyon.xvoid.org 9.0-RC3 FreeBSD 9.0-RC3 #1 r228385: Sat Dec 
10 07:29:02 MSK 2011 
y...@procyon.xvoid.org:/usr/obj/data/src/freebsd/releng/9.0/sys/GENERIC amd64
>Description:
Unloading acpi_hp driver in absence of CMI (e.g., on HP Pavilion DV8, not sure 
if laptop doesn't have it or driver just doesn't recognize its presence, but 
anyway.. ) leads to "panic: sbuf_delete called with uninitialized or corrupt 
sbuf". We shouldn't try to free CMI-related resources if we didn't allocate 
them, fix logic here a bit.
>How-To-Repeat:
>Fix:
--- acpi_hp.c.diff begins here ---
Index: sys/dev/acpi_support/acpi_hp.c
===================================================================
--- sys/dev/acpi_support/acpi_hp.c      (revision 228481)
+++ sys/dev/acpi_support/acpi_hp.c      (working copy)
@@ -573,25 +573,25 @@
 static int
 acpi_hp_detach(device_t dev)
 {
-       int     ret;
-       
+       int                     ret = 0;
+       struct acpi_hp_softc    *sc = device_get_softc(dev);
+
        ACPI_FUNCTION_TRACE((char *)(uintptr_t) __func__);
-       struct acpi_hp_softc *sc = device_get_softc(dev);
-       if (sc->has_cmi && sc->hpcmi_open_pid != 0) {
-               ret = EBUSY;
-       }
-       else {
-               if (sc->has_notify) {
-                       ACPI_WMI_REMOVE_EVENT_HANDLER(dev,
-                           ACPI_HP_WMI_EVENT_GUID);
+
+       if (sc->has_notify)
+               ACPI_WMI_REMOVE_EVENT_HANDLER(dev, ACPI_HP_WMI_EVENT_GUID);
+
+       if (sc->has_cmi) {
+               if (sc->hpcmi_open_pid != 0) {
+                       ret = EBUSY;
+               } else {
+                       if (sc->hpcmi_bufptr != -1) {
+                               sbuf_delete(&sc->hpcmi_sbuf);
+                               sc->hpcmi_bufptr = -1;
+                       }
+                       sc->hpcmi_open_pid = 0;
+                       destroy_dev(sc->hpcmi_dev_t);
                }
-               if (sc->hpcmi_bufptr != -1) {
-                       sbuf_delete(&sc->hpcmi_sbuf);
-                       sc->hpcmi_bufptr = -1;
-               }
-               sc->hpcmi_open_pid = 0;
-               destroy_dev(sc->hpcmi_dev_t);
-               ret = 0;
        }
 
        return (ret);
--- acpi_hp.c.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Reply via email to