Invalidate ugen(4) knote lists after device detach

This prevents the kernel from crashing when a ugen(4) device is detached
while kqueue still holds a reference to that device.

Crash reported and fix tested by xavier.s on bugs@.

OK mpi@

diff --git a/sys/dev/usb/ugen.c b/sys/dev/usb/ugen.c
index bf82f84..194a39a 100644 (file)
--- a/sys/dev/usb/ugen.c
+++ b/sys/dev/usb/ugen.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ugen.c,v 1.116 2022/07/02 08:50:42 visa Exp $ */
+/*     $OpenBSD: ugen.c,v 1.117 2022/12/19 15:10:40 visa Exp $ */
 /*     $NetBSD: ugen.c,v 1.63 2002/11/26 18:49:48 christos Exp $       */
 /*     $FreeBSD: src/sys/dev/usb/ugen.c,v 1.26 1999/11/17 22:33:41 n_hibma Exp $       */
 
@@ -798,6 +798,10 @@ ugen_detach(struct device *self, int flags)
        for (endptno = 0; endptno < USB_MAX_ENDPOINTS; endptno++) {
                if (sc->sc_is_open[endptno])
                        ugen_do_close(sc, endptno, FREAD|FWRITE);
+
+               /* ugenkqfilter() always uses IN. */
+               sce = &sc->sc_endpoints[endptno][IN];
+               klist_invalidate(&sce->rsel.si_note);
        }
        return (0);
 }