miibus: Use a bus_child_deleted method to free ivars for children
ClosedPublic
Actions

Authored by jhb on Oct 31 2024, 8:36 PM.

Details

Reviewers

Commits

rG7f77a2883ffb: miibus: Use a bus_child_deleted method to free ivars for children
rG69cfc0c25d13: miibus: Use a bus_child_deleted method to free ivars for children
rGdc569c894207: miibus: Use a bus_child_deleted method to free ivars for children

Summary

If a device was detached (e.g. via devctl) and then re-attached, the
ivars would be freed by the previous bus_child_detached method during
detach, but device_get_ivars during the subsequent attach would return
a stale pointer resulting in a use after free.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 60308
Build 57192: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Oct 31 2024, 8:36 PM

jhb created this revision.

Harbormaster completed remote builds in B60308: Diff 145802.Oct 31 2024, 8:36 PM

jhb added a parent revision: D47370: iicbus: Use a bus_child_deleted method to free ivars for children.Oct 31 2024, 8:36 PM

jhb added a child revision: D47372: smbus: Use a bus_child_deleted method to free ivars for children.

imp accepted this revision.Oct 31 2024, 9:01 PM

This revision is now accepted and ready to land.Oct 31 2024, 9:01 PM

Closed by commit rGdc569c894207: miibus: Use a bus_child_deleted method to free ivars for children (authored by jhb). · Explain WhyNov 1 2024, 2:13 PM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rGdc569c894207: miibus: Use a bus_child_deleted method to free ivars for children.

jhb added a commit: rG69cfc0c25d13: miibus: Use a bus_child_deleted method to free ivars for children.Dec 1 2024, 4:58 AM

jhb added a commit: rG7f77a2883ffb: miibus: Use a bus_child_deleted method to free ivars for children.

Revision Contents
Changeset List

Path

Size

sys/

dev/

mii/

mii.c

6 lines

Diff 145802

View Options

sys/dev/mii/mii.c

Show First 20 Lines • Show All 178 Lines • ▼ Show 20 Lines	MAN+= abort2.2 \
cpuset_getaffinity.2 \		cpuset_getaffinity.2 \
cpuset_getdomain.2 \		cpuset_getdomain.2 \
dup.2 \		dup.2 \
execve.2 \		execve.2 \
_exit.2 \		_exit.2 \
extattr_get_file.2 \		extattr_get_file.2 \
fcntl.2 \		fcntl.2 \
ffclock.2 \		ffclock.2 \
		fhlink.2 \
fhopen.2 \		fhopen.2 \
		fhreadlink.2 \
flock.2 \		flock.2 \
fork.2 \		fork.2 \
fsync.2 \		fsync.2 \
getdirentries.2 \		getdirentries.2 \
getdtablesize.2 \		getdtablesize.2 \
getfh.2 \		getfh.2 \
getfsstat.2 \		getfsstat.2 \
getgid.2 \		getgid.2 \
▲ Show 20 Lines • Show All 194 Lines • ▼ Show 20 Lines	MLINKS+=extattr_get_file.2 extattr.2 \
extattr_get_file.2 extattr_set_file.2 \		extattr_get_file.2 extattr_set_file.2 \
extattr_get_file.2 extattr_set_link.2		extattr_get_file.2 extattr_set_link.2
MLINKS+=ffclock.2 ffclock_getcounter.2 \		MLINKS+=ffclock.2 ffclock_getcounter.2 \
ffclock.2 ffclock_getestimate.2 \		ffclock.2 ffclock_getestimate.2 \
ffclock.2 ffclock_setestimate.2		ffclock.2 ffclock_setestimate.2
MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2		MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2
MLINKS+=fsync.2 fdatasync.2		MLINKS+=fsync.2 fdatasync.2
MLINKS+=getdirentries.2 getdents.2		MLINKS+=getdirentries.2 getdents.2
MLINKS+=getfh.2 lgetfh.2		MLINKS+=getfh.2 lgetfh.2 \
		getfh.2 getfhat.2
MLINKS+=getgid.2 getegid.2		MLINKS+=getgid.2 getegid.2
MLINKS+=getitimer.2 setitimer.2		MLINKS+=getitimer.2 setitimer.2
MLINKS+=getlogin.2 getlogin_r.3		MLINKS+=getlogin.2 getlogin_r.3
MLINKS+=getlogin.2 setlogin.2		MLINKS+=getlogin.2 setlogin.2
MLINKS+=getloginclass.2 setloginclass.2		MLINKS+=getloginclass.2 setloginclass.2
MLINKS+=getpgrp.2 getpgid.2		MLINKS+=getpgrp.2 getpgid.2
MLINKS+=getpid.2 getppid.2		MLINKS+=getpid.2 getppid.2
MLINKS+=getpriority.2 setpriority.2		MLINKS+=getpriority.2 setpriority.2
▲ Show 20 Lines • Show All 90 Lines • Show Last 20 Lines

miibus: Use a bus_child_deleted method to free ivars for childrenClosedPublicActions