# HG changeset 157 patch
# User kfraser@localhost.localdomain
# Date 1187004079 -3600
# Node ID 877c2e42a701d6a32ca30f35da34ade0b935f820
# Parent  d2f9b7e3623114e6a45c916f21b348fda122fa8e
Subject: net front: Avoid deref'ing skb after it is potentially freed.
Signed-off-by: Keir Fraser <keir@xensource.com>

Acked-by: jbeulich@novell.com

Index: head-2007-08-22/drivers/xen/netfront/netfront.c
===================================================================
--- head-2007-08-22.orig/drivers/xen/netfront/netfront.c	2007-08-22 09:52:40.000000000 +0200
+++ head-2007-08-22/drivers/xen/netfront/netfront.c	2007-08-22 09:52:45.000000000 +0200
@@ -1015,6 +1015,10 @@ static int network_start_xmit(struct sk_
 	if (notify)
 		notify_remote_via_irq(np->irq);
 
+	np->stats.tx_bytes += skb->len;
+	np->stats.tx_packets++;
+
+	/* Note: It is not safe to access skb after network_tx_buf_gc()! */
 	network_tx_buf_gc(dev);
 
 	if (!netfront_tx_slot_available(np))
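Review bot: The comment added above `network_tx_buf_gc(dev)` states the hazard but not why the call can invalidate skb, so a later edit could easily put an skb access back below it. I would spell out the cause and the rule, e.g. `/* network_tx_buf_gc() may release this skb if its tx response has already arrived; do not touch skb below this call. */`. That the gc path can free the just-queued skb is inferred from the commit subject; the function body is not visible here. Reading the length into a local at the top of the function (`unsigned int len = skb->len;`) and using `np->stats.tx_bytes += len;` would make the accounting independent of statement order. network_start_xmit starts and ends outside this hunk, so any other skb uses after the gc call should be checked as well.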
@@ -1022,9 +1026,6 @@ static int network_start_xmit(struct sk_
 
 	spin_unlock_irq(&np->tx_lock);
 
-	np->stats.tx_bytes += skb->len;
-	np->stats.tx_packets++;
-
 	return 0;
 
  drop: