From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 4 21:33:09 2013 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5AAF490; Thu, 4 Apr 2013 21:33:09 +0000 (UTC) (envelope-from seanwbruno@gmail.com) Received: from mail-pd0-f171.google.com (mail-pd0-f171.google.com [209.85.192.171]) by mx1.freebsd.org (Postfix) with ESMTP id 313BDEAD; Thu, 4 Apr 2013 21:33:09 +0000 (UTC) Received: by mail-pd0-f171.google.com with SMTP id z10so1664480pdj.30 for ; Thu, 04 Apr 2013 14:33:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:subject:from:reply-to:to:cc:in-reply-to:references :content-type:date:message-id:mime-version:x-mailer; bh=6ZjQ1sKxyFcqp20W39tle19I76nll1canOpBC631wEY=; b=qTGR/iAwdjz1MoFMeBXeh3JLfX1h62DaXWYjvQ65BkPo54j4xcaq7RbDdSGOZbmyGs gCZVNrCTr9r3qvtZGo6R4n+hBsIRMV0FeAa8qtpk8U2LiYU+EEO5+2G+2EZ5DcC/G1Lg FUOzsp8qVqAFwfO384uNFLhnvS/0clc1EMHz+atM3F6oIyF2QH2XNFDnd5R05qRTNhi5 EImqxYdrQEzgncTZiSWUNLoCmSHbP5psT+x4EU5NWVBG/KIU35c++VDBBEEmD8N8T50k GY9IuZK018ZPvA6X0JlI27gakCB8z5TVdIX3cKxmQ2JP067P8e0Tckuza4gylIF/NJTZ bg1Q== X-Received: by 10.68.134.71 with SMTP id pi7mr3394769pbb.205.1365111183801; Thu, 04 Apr 2013 14:33:03 -0700 (PDT) Received: from [10.73.160.242] (nat-dip7.cfw-a-gci.corp.yahoo.com. [209.131.62.116]) by mx.google.com with ESMTPS id hp1sm12955356pac.3.2013.04.04.14.33.01 (version=SSLv3 cipher=RC4-SHA bits=128/128); Thu, 04 Apr 2013 14:33:02 -0700 (PDT) Subject: Re: CFR: FireWire: Don't allow a tlabel to reference an xfer after free From: Sean Bruno To: Will Andrews In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-3FK8TUAnM9kThpvm28+b" Date: Thu, 04 Apr 2013 14:33:00 -0700 Message-ID: <1365111180.1404.23.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Cc: Alexander Kabaev , hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: sbruno@freebsd.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Apr 2013 21:33:09 -0000 --=-3FK8TUAnM9kThpvm28+b Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On Thu, 2013-03-28 at 11:25 -0600, Will Andrews wrote: > Diff: http://people.freebsd.org/~will/patches/fix-fwmem-use-after-free.di= ff >=20 > >From the commit log: >=20 > FireWire: Don't allow a tlabel to reference an xfer after free. > =09 > sys/dev/firewire/firewire.c: > - fw_xfer_unload(): Since we are about to free this xfer, call > fw_tl_free() to remove the xfer from its tlabel's list, if > it has a tlabel. > - In every occasion when a xfer is removed from a tlabel's list, > reset xfer->tl to -1 while holding fc->tlabel_lock, so that the > xfer isn't mis-identified as belonging to a tlabel. >=20 >=20 > Thanks, > --Will. > _______________________________________________ Ack. Looks like a valid commit. sean --=-3FK8TUAnM9kThpvm28+b Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (FreeBSD) iQEcBAABAgAGBQJRXfGMAAoJEBkJRdwI6BaH6lYH/2+bSKUqX+NqebUk3JOyHtH2 Z+OpeZu7gsl+/+btIH+QEfQ3BAd4viFUBFLo9hoP9xIB9t0Sty2LZVhCtAAoYrcP kPqoCo4n/wkSTc6sfq3MAkT1KRguK/Fr/r25Mx1kS/6osX8ECy400tZemG7bYEZC 17p+2MXghTx6uZ9aML3rPWLGsgVETL3paaPyUx4+wZN8uzV2xbNU9r/g88mTDtB4 qxFb72Al+/ip5LChY41KKtpqjiUKSl0VPXXU+OwBX1/Yow2gHGK1BsH1J1B9uzFI DpNCArfd7pH664V9AaH5VUsnz+t+tYYRst51x54wK29UFY82Ew46nkzlAT4dpAQ= =94tn -----END PGP SIGNATURE----- --=-3FK8TUAnM9kThpvm28+b--