atom feed13 messages in org.freebsd.freebsd-archnewbus flaw
FromSent OnAttachments
Dag-Erling SmørgravMay 11, 2004 7:39 am 
Doug RabsonMay 11, 2004 8:08 am 
Poul-Henning KampMay 11, 2004 8:12 am 
John-Mark GurneyMay 11, 2004 6:02 pm 
Dag-Erling SmørgravMay 12, 2004 6:27 am 
John-Mark GurneyMay 12, 2004 10:41 am 
Dag-Erling SmørgravMay 12, 2004 10:48 am 
John-Mark GurneyMay 12, 2004 10:53 am 
Dag-Erling SmørgravMay 12, 2004 1:30 pm 
Doug RabsonMay 13, 2004 1:27 am 
Dag-Erling SmørgravMay 13, 2004 3:46 am 
Doug RabsonMay 13, 2004 5:34 am 
M. Warner LoshMay 13, 2004 9:06 am 
Subject:newbus flaw
From:Dag-Erling Smørgrav (de@des.no)
Date:May 11, 2004 7:39:48 am
List:org.freebsd.freebsd-arch

I've found what I believe is a serious flaw in newbus.

When a driver that has a DEVICE_IDENTIFY method is loaded, the identify method is called. If it finds supported hardware, it uses BUS_ADD_CHILD to notify the parent bus of the presence of that hardware. At some later point, during a bus rescan, the attach routine is called for each device that was identified in this manner.

When the driver is unloaded, the device is detached, but it remains on the bus's list of child devices. The next time the module is loaded, its DEVICE_IDENTIFY method is called again, and incorrectly adds a second child device to the bus, because it does not know that one already exists.

There is no way for DEVICE_IDENTIFY to check if a matching child already exists on the bus, or for the module's event handler to unlist the child when unloading.

The first time you load the module, you get foo0; the second time, you get foo0 *and* foo1 referencing the same physical device; the third time, you get foo0, foo1, and foo2, etc.

I've also seen something similar happen when multiple ndis drivers are loaded; the first one re-attaches to the hardware when the second one is loaded.

DES

-- Dag-Erling Sm?rgrav - de@des.no