From: Jia-Ju Bai <baijiaju1...@gmail.com> Date: Wed, 26 Dec 2018 22:09:34 +0800
> In drivers/isdn/hisax/hfc_pci.c, the functions hfcpci_interrupt() and > HFCPCI_l1hw() may be concurrently executed. > > HFCPCI_l1hw() > line 1173: if (!cs->tx_skb) > > hfcpci_interrupt() > line 942: spin_lock_irqsave(); > line 1066: dev_kfree_skb_irq(cs->tx_skb); > > Thus, a possible concurrency use-after-free bug may occur > in HFCPCI_l1hw(). > > To fix these bugs, the calls to spin_lock_irqsave() and > spin_unlock_irqrestore() are added in HFCPCI_l1hw(), to protect the > access to cs->tx_skb. > > Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com> Applied.
