e23ae408c0
in the LinuxKPI. This is done by calling finit() just before returning a magic value of ENXIO in the "linux_dev_fdopen" function. The Linux file structure should mimic the BSD file structure as much as possible. This patch decouples the Linux file structure from the belonging character device right after the "linux_dev_fdopen" function has returned. This fixes an issue which allows a Linux file handle to exist after a character device has been destroyed and removed from the directory index of /dev. Only when the reference count of the BSD file handle reaches zero, the Linux file handle is destroyed. This fixes use-after-free issues related to accessing the Linux file structure after the character device has been destroyed. While at it add a missing NULL check for non-present file operation. Calling a NULL pointer will result in a segmentation fault. Reviewed by: kib @ MFC after: 1 week Sponsored by: Mellanox Technologies |
||
|---|---|---|
| .. | ||
| common | ||