CFR: FireWire: Don't allow a tlabel to reference an xfer after free
Will Andrews
will at firepipe.net
Thu Mar 28 17:25:09 UTC 2013
Diff: http://people.freebsd.org/~will/patches/fix-fwmem-use-after-free.diff
>From the commit log:
FireWire: Don't allow a tlabel to reference an xfer after free.
sys/dev/firewire/firewire.c:
- fw_xfer_unload(): Since we are about to free this xfer, call
fw_tl_free() to remove the xfer from its tlabel's list, if
it has a tlabel.
- In every occasion when a xfer is removed from a tlabel's list,
reset xfer->tl to -1 while holding fc->tlabel_lock, so that the
xfer isn't mis-identified as belonging to a tlabel.
Thanks,
--Will.
More information about the freebsd-hackers
mailing list