kern/153938: [run] [panic] [patch] Workaround for use-after-free panic

PseudoCylon moonlightakkiy at yahoo.ca
Mon Jan 17 06:30:17 UTC 2011


The following reply was made to PR kern/153938; it has been noted by GNATS.

From: PseudoCylon <moonlightakkiy at yahoo.ca>
To: Juergen Lock <nox at jelal.kn-bremen.de>
Cc: bug-followup at freebsd.org, nox at jelal.kn-bremen.de
Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic
Date: Sun, 16 Jan 2011 22:24:07 -0800 (PST)

 ----- Original Message ----
 > From: Juergen Lock <nox at jelal.kn-bremen.de>
 > To: PseudoCylon <moonlightakkiy at yahoo.ca>
 > Cc: bug-followup at freebsd.org; nox at jelal.kn-bremen.de
 > Sent: Fri, January 14, 2011 10:36:50 AM
 > Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic
 > 
 > On Thu, Jan 13, 2011 at 04:47:21PM -0800, PseudoCylon wrote:
 > >  Hello,
 > Hi!
 > > 
 > > Thank you for the patch.
 > > 
 > You're welcome! :)
 > 
 > > I have applied it. Please try patched driver out.
 > > http://gitorious.org/run/run/trees/ratectl_fix/dev/usb/wlan
 > > 
 > > I added locks to your patch, so saved pointers are more reliable.
 > 
 > I see you removed the rn->wcid code, I guess I should have
 > explained what it's for: ni->ni_associd already gets zeroed before
 > run_node_cleanup() is called so with your version no sc->sc_ni[wcid]
 > ever gets set to NULL.
 > 
 
 You're right.
 
 > +        if (wcid ==  0)
 > +            wcid =  rn->wcid;
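 
 Review bot: the fallback "if (wcid == 0) wcid = rn->wcid;" carries no comment
 saying why wcid can be 0 at this point; the reason given in this thread
 (ni->ni_associd is already zeroed before run_node_cleanup() is called) should
 sit next to it in the code. Nothing in the two quoted lines checks that
 rn->wcid is itself nonzero and within the bounds of sc->sc_ni[] before it is
 used as the index, so a node that never had a wcid saved would still carry 0
 forward. Suggest validating the final wcid before the sc->sc_ni[wcid] slot is
 set to NULL.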
 
 
 Is there any reason to test "ni->ni_associd == 0"? We know it is 0.
 
 
 AK
 
 

