Date: Mon, 17 Jan 2011 06:30:16 GMT From: PseudoCylon <moonlightakkiy@yahoo.ca> To: freebsd-net@FreeBSD.org Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic Message-ID: <201101170630.p0H6UGrD017810@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/153938; it has been noted by GNATS. From: PseudoCylon <moonlightakkiy@yahoo.ca> To: Juergen Lock <nox@jelal.kn-bremen.de> Cc: bug-followup@freebsd.org, nox@jelal.kn-bremen.de Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic Date: Sun, 16 Jan 2011 22:24:07 -0800 (PST) ----- Original Message ---- > From: Juergen Lock <nox@jelal.kn-bremen.de> > To: PseudoCylon <moonlightakkiy@yahoo.ca> > Cc: bug-followup@freebsd.org; nox@jelal.kn-bremen.de > Sent: Fri, January 14, 2011 10:36:50 AM > Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free >panic > > On Thu, Jan 13, 2011 at 04:47:21PM -0800, PseudoCylon wrote: > > Hello, > Hi! > > > > Thank you for the patch. > > > You're welcome! :) > > > I have applied it. Please try patched driver out. > > http://gitorious.org/run/run/trees/ratectl_fix/dev/usb/wlan > > > > I added locks to your patch, so saved pointers are more reliable. > > I see you removed the rn->wcid code, I guess I should have > explained what it's for: ni->ni_associd already gets zeroed before > run_node_cleanup() is called so with your version no sc->sc_ni[wcid] > ever gets set to NULL. > You're right. > + if (wcid == 0) > + wcid = rn->wcid; Is there any reason to test "ni->ni_associd == 0"? We know it is 0. AK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101170630.p0H6UGrD017810>