Otherwise, the only thing holding a reference to a device may be a device_file. If this is released in delete_device(), the subsequent call to unlink_named_object() will crash. This can occur if a device driver crashes with pending IRPs outstanding.
Signed-off-by: Zebediah Figura z.figura12@gmail.com
---
This seems to be what's meant to be helped by this Staging patch:
https://raw.githubusercontent.com/wine-staging/wine-staging/master/patches/s...
When testing it, I couldn't reproduce a server crash just by crashing during an IRP_MJ_CREATE request, but I encountered this much later debugging bug 48530.
I think it makes more sense to formalize the reference to the device as belonging to the manager, rather than to add a temporary reference around deletion.
 server/device.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server/device.c b/server/device.c index d3e2a84c1e..b02d965e33 100644 --- a/server/device.c +++ b/server/device.c @@ -700,6 +700,7 @@ static struct device *create_device( struct object *root, const struct unicode_s { device->unix_path = NULL; device->manager = manager; + grab_object( device ); list_add_tail( &manager->devices, &device->entry ); list_init( &device->kernel_object ); list_init( &device->files ); @@ -748,6 +749,7 @@ static void delete_device( struct device *device ) unlink_named_object( &device->obj ); list_remove( &device->entry ); device->manager = NULL; + release_object( device ); }
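Review bot: In the create_device() hunk, the new `grab_object( device );` ahead of `list_add_tail( &manager->devices, &device->entry );` carries no comment saying who owns the extra reference. The ownership rule (the manager's device list holds one reference for as long as the device is linked) is only stated in the commit notes, so a short comment here, such as `/* reference held by the manager, released in delete_device() */`, would make the pairing with the `release_object( device );` in delete_device() explicit and keep a later cleanup from treating it as a leak.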
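Review bot: In the delete_device() hunk, `release_object( device );` is correctly the last statement, after `unlink_named_object( &device->obj );` and `device->manager = NULL;`, but because it can drop the final reference, the pointer may be dangling as soon as delete_device() returns. Callers that touch the device afterwards need their own reference, and a one-line comment on the function stating this would help. The context shown also does not include a guard against delete_device() running twice for the same device. If that path exists, a second call would release a reference the manager no longer holds, so confirm the function returns early once `device->manager` is NULL.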