Grrrr. Fix a really lame bug that I tripped over while testing my miibus

stuff: unregister_methods() is horribly broken. The idea, if I'm not mistaken, is that the refcount on a method is decremented, and only when it reaches zero is the method freed. However desc->method is set to NULL unconditionally regardless of the refcount, which means the method pointer is trashed the first time the method is deallocated. The obvious detrimental effect is that memory is leaked. The not so obvious effect is that when you call unregister_method() the second time on the same method, you get a NULL pointer dereference and a panic. Now I can successfully unload network device drivers and the miibus module without crashing the system. *sigh*
1999-08-14 05:11:01 +00:00 · 1999-08-14 05:11:01 +00:00 · b7f6c65f7c
commit b7f6c65f7c
parent efabbb14f9
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/subr_bus.c
+++ b/sys/kern/subr_bus.c
@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: subr_bus.c,v 1.34 1999/08/11 22:05:17 peter Exp $
+ *	$Id: subr_bus.c,v 1.35 1999/08/11 22:55:39 peter Exp $
 */

 #include <sys/param.h>
@ -159,8 +159,8 @@ unregister_method(struct device_op_desc *desc)
    if (m->refs == 0) {
 	LIST_REMOVE(m, link);
 	free(m, M_DEVBUF);
+    	desc->method = 0;
    }
-    desc->method = 0;
 }

 static int error_method(void)