From 3d45296ab96c2ec8308226b3350a6d9e48379870 Mon Sep 17 00:00:00 2001 From: WANG Cong Date: Fri, 29 Jan 2016 11:58:03 -0800 Subject: [PATCH] irda: fix a potential use-after-free in ircomm_param_request self->ctrl_skb is protected by self->spinlock, we should not access it out of the lock. Move the debugging printk inside. Reported-by: Dmitry Vyukov Cc: Samuel Ortiz Signed-off-by: Cong Wang Signed-off-by: David S. Miller --- net/irda/ircomm/ircomm_param.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/irda/ircomm/ircomm_param.c b/net/irda/ircomm/ircomm_param.c index 3c4caa60c926..5728e76ca6d5 100644 --- a/net/irda/ircomm/ircomm_param.c +++ b/net/irda/ircomm/ircomm_param.c @@ -134,11 +134,10 @@ int ircomm_param_request(struct ircomm_tty_cb *self, __u8 pi, int flush) return -1; } skb_put(skb, count); + pr_debug("%s(), skb->len=%d\n", __func__, skb->len); spin_unlock_irqrestore(&self->spinlock, flags); - pr_debug("%s(), skb->len=%d\n", __func__ , skb->len); - if (flush) { /* ircomm_tty_do_softint will take care of the rest */ schedule_work(&self->tqueue);