e23ae408c0
in the LinuxKPI. This is done by calling finit() just before returning a magic value of ENXIO in the "linux_dev_fdopen" function. The Linux file structure should mimic the BSD file structure as much as possible. This patch decouples the Linux file structure from the belonging character device right after the "linux_dev_fdopen" function has returned. This fixes an issue which allows a Linux file handle to exist after a character device has been destroyed and removed from the directory index of /dev. Only when the reference count of the BSD file handle reaches zero, the Linux file handle is destroyed. This fixes use-after-free issues related to accessing the Linux file structure after the character device has been destroyed. While at it add a missing NULL check for non-present file operation. Calling a NULL pointer will result in a segmentation fault. Reviewed by: kib @ MFC after: 1 week Sponsored by: Mellanox Technologies |
||
|---|---|---|
| .. | ||
| cloudabi | ||
| cloudabi32 | ||
| cloudabi64 | ||
| freebsd32 | ||
| ia32 | ||
| linprocfs | ||
| linsysfs | ||
| linux | ||
| linuxkpi/common | ||
| ndis | ||
| netbsd | ||
| x86bios | ||