Page MenuHomeFreeBSD
Differential D47371

miibus: Use a bus_child_deleted method to free ivars for children
ClosedPublic
Actions

Authored by jhb on Oct 31 2024, 8:36 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 5, 6:25 AM
Unknown Object (File)
Sun, Mar 22, 5:17 PM
Unknown Object (File)
Thu, Mar 12, 1:49 PM
Unknown Object (File)
Mon, Mar 9, 8:31 PM
Unknown Object (File)
Mon, Mar 9, 1:55 PM
Unknown Object (File)
Mon, Mar 9, 1:48 AM
Unknown Object (File)
Mar 7 2026, 2:32 AM
Unknown Object (File)
Mar 3 2026, 9:29 PM
View All 70 Files
Subscribers
None

Details

Reviewers
imp
Commits
rG7f77a2883ffb: miibus: Use a bus_child_deleted method to free ivars for children
rG69cfc0c25d13: miibus: Use a bus_child_deleted method to free ivars for children
rGdc569c894207: miibus: Use a bus_child_deleted method to free ivars for children
Summary

If a device was detached (e.g. via devctl) and then re-attached, the
ivars would be freed by the previous bus_child_detached method during
detach, but device_get_ivars during the subsequent attach would return
a stale pointer resulting in a use after free.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 60308
Build 57192: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
dev/
mii/
6 lines

Diff 145802

View Options

sys/dev/mii/mii.c

Loading...