MdeMdeModulePkg/UsbBusDxe: Fixed a possible memory leak bug introduced at r14226

The r14226 check-in indeed has memory leak in allocated "Child" pointer. UsbBusDriverBindingStop() may dereference this pointer and may bring exception on invalid memory access

Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14251 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
index 8340b72de25c21aa68c14bd2365b9db3477bbff7..0aa896173dbfc1e52b13ff13de36d23009fd9865 100644 (file)
--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
+++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbEnumer.c
@@ -814,11 +814,20 @@ UsbEnumerateNewDev (
   return EFI_SUCCESS;\r
 \r
 ON_ERROR:\r
-\r
-  if (Child != NULL) {\r
-    UsbFreeDevice (Child);\r
-  }\r
-\r
+  //\r
+  // If reach here, it means the enumeration process on a given port is interrupted due to error.\r
+  // The s/w resources, including the assigned address(Address) and the allocated usb device data\r
+  // structure(Bus->Devices[Address]), will NOT be freed here. These resources will be freed when\r
+  // the device is unplugged from the port or DriverBindingStop() is invoked.\r
+  //\r
+  // This way is used to co-work with the lower layer EDKII UHCI/EHCI/XHCI host controller driver.\r
+  // It's mainly because to keep UEFI spec unchanged EDKII XHCI driver have to maintain a state machine\r
+  // to keep track of the mapping between actual address and request address. If the request address\r
+  // (Address) is freed here, the Address value will be used by next enumerated device. Then EDKII XHCI\r
+  // host controller driver will have wrong information, which will cause further transaction error.\r
+  //\r
+  // EDKII UHCI/EHCI doesn't get impacted as it's make sense to reserve s/w resource till it gets unplugged.\r
+  //\r
   return Status;\r
 }\r
 \r