MdeMdeModulePkg/UsbBusDxe: Fixed a possible memory leak bug introduced at r14226

The r14226 check-in indeed has memory leak in allocated "Child" pointer. UsbBusDriverBindingStop() may dereference this pointer and may bring exception on invalid memory access

Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14251 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 14 insertions, 5 deletions

diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
index 8340b72de2..0aa896173d 100644
--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
+++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
@@ -814,11 +814,20 @@ UsbEnumerateNewDev (
   return EFI_SUCCESS;

 

 ON_ERROR:

-

-  if (Child != NULL) {

-    UsbFreeDevice (Child);

-  }

-

+  //

+  // If reach here, it means the enumeration process on a given port is interrupted due to error.

+  // The s/w resources, including the assigned address(Address) and the allocated usb device data

+  // structure(Bus->Devices[Address]), will NOT be freed here. These resources will be freed when

+  // the device is unplugged from the port or DriverBindingStop() is invoked.

+  //

+  // This way is used to co-work with the lower layer EDKII UHCI/EHCI/XHCI host controller driver.

+  // It's mainly because to keep UEFI spec unchanged EDKII XHCI driver have to maintain a state machine

+  // to keep track of the mapping between actual address and request address. If the request address

+  // (Address) is freed here, the Address value will be used by next enumerated device. Then EDKII XHCI

+  // host controller driver will have wrong information, which will cause further transaction error.

+  //

+  // EDKII UHCI/EHCI doesn't get impacted as it's make sense to reserve s/w resource till it gets unplugged.

+  //

   return Status;

 }