CFR: FireWire: Don't allow a tlabel to reference an xfer after free
Sean Bruno
seanwbruno at gmail.com
Thu Apr 4 21:33:09 UTC 2013
On Thu, 2013-03-28 at 11:25 -0600, Will Andrews wrote:
> Diff: http://people.freebsd.org/~will/patches/fix-fwmem-use-after-free.diff
>
> >From the commit log:
>
> FireWire: Don't allow a tlabel to reference an xfer after free.
>
> sys/dev/firewire/firewire.c:
> - fw_xfer_unload(): Since we are about to free this xfer, call
> fw_tl_free() to remove the xfer from its tlabel's list, if
> it has a tlabel.
> - In every occasion when a xfer is removed from a tlabel's list,
> reset xfer->tl to -1 while holding fc->tlabel_lock, so that the
> xfer isn't mis-identified as belonging to a tlabel.
>
>
> Thanks,
> --Will.
> _______________________________________________
Ack. Looks like a valid commit.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20130404/00e05c5e/attachment.sig>
More information about the freebsd-hackers
mailing list