From: WANG Cong Date: Fri, 29 Jan 2016 19:58:03 +0000 (-0800) Subject: irda: fix a potential use-after-free in ircomm_param_request X-Git-Tag: v4.5-rc3~21^2~2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3d45296ab96c2ec8308226b3350a6d9e48379870;p=users%2Fwilly%2Flinux.git irda: fix a potential use-after-free in ircomm_param_request self->ctrl_skb is protected by self->spinlock, we should not access it out of the lock. Move the debugging printk inside. Reported-by: Dmitry Vyukov Cc: Samuel Ortiz Signed-off-by: Cong Wang Signed-off-by: David S. Miller --- diff --git a/net/irda/ircomm/ircomm_param.c b/net/irda/ircomm/ircomm_param.c index 3c4caa60c926..5728e76ca6d5 100644 --- a/net/irda/ircomm/ircomm_param.c +++ b/net/irda/ircomm/ircomm_param.c @@ -134,11 +134,10 @@ int ircomm_param_request(struct ircomm_tty_cb *self, __u8 pi, int flush) return -1; } skb_put(skb, count); + pr_debug("%s(), skb->len=%d\n", __func__, skb->len); spin_unlock_irqrestore(&self->spinlock, flags); - pr_debug("%s(), skb->len=%d\n", __func__ , skb->len); - if (flush) { /* ircomm_tty_do_softint will take care of the rest */ schedule_work(&self->tqueue);
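Review bot: The pr_debug() now placed just above spin_unlock_irqrestore(&self->spinlock, flags) runs with the spinlock held and local interrupts off, so enabling debug output lengthens the critical section. An alternative that keeps the access safe is to copy skb->len into a local int while the lock is held and print that local after the unlock. Either way, a one-line comment at the unlock would help. It should say that skb must not be dereferenced once the lock is dropped, since the commit message states that self->ctrl_skb is protected by self->spinlock. That would keep a later cleanup from moving the print, or any other skb access, back below the unlock.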