[PATCH] s390/net/qeth_main.c: Fix use of skb after netif_rx
From: Julia Lawall
Date: Fri Dec 14 2007 - 04:28:42 EST
From: Julia Lawall <julia@xxxxxxx>
Recently, Wang Chen submitted a patch
(d30f53aeb31d453a5230f526bea592af07944564) to move a call to netif_rx(skb)
after a subsequent reference to skb, because netif_rx may call kfree_skb on
its argument. The same problem occurs in some other drivers as well.
This was found using the following semantic match.
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression skb, e,e1;
@@
(
netif_rx(skb);
|
netif_rx_ni(skb);
)
... when != skb = e
(
skb = e1
|
* skb
)
// </smpl>
Signed-off-by: Julia Lawall <julia@xxxxxxx>
---
diff -u -p a/drivers/s390/net/qeth_main.c b/drivers/s390/net/qeth_main.c
--- a/drivers/s390/net/qeth_main.c 2007-10-22 11:25:20.000000000 +0200
+++ b/drivers/s390/net/qeth_main.c 2007-12-14 10:20:06.000000000 +0100
@@ -2689,6 +2689,7 @@ qeth_process_inbound_buffer(struct qeth_
int offset;
int rxrc;
__u16 vlan_tag = 0;
+ unsigned int len;
/* get first element of current buffer */
element = (struct qdio_buffer_element *)&buf->buffer->element[0];
@@ -2717,6 +2718,7 @@ qeth_process_inbound_buffer(struct qeth_
dev_kfree_skb_any(skb);
continue;
}
+ len = skb->len;
if (card->info.type == QETH_CARD_TYPE_OSN)
rxrc = card->osn_info.data_cb(skb);
else
@@ -2733,7 +2735,7 @@ qeth_process_inbound_buffer(struct qeth_
rxrc = netif_rx(skb);
card->dev->last_rx = jiffies;
card->stats.rx_packets++;
- card->stats.rx_bytes += skb->len;
+ card->stats.rx_bytes += len;
}
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/