[PATCH v4 01/04] can: kvaser_usb: Don't dereference skb after a netif_rx()

From: Ahmed S. Darwish
Date: Sun Jan 11 2015 - 15:50:04 EST

Next message: Daniel Lezcano: "Re: [PATCH] clocksource: sirf: Remove unused variable"
Previous message: Ahmed S. Darwish: "[PATCH v4 4/4] can: kvaser_usb: Retry first bulk transfer on -ETIMEDOUT"
In reply to: Ahmed S. Darwish: "Re: [PATCH v4 2/4] can: kvaser_usb: Update error counters before exiting on OOM"
Next in thread: Marc Kleine-Budde: "Re: [PATCH v4 01/04] can: kvaser_usb: Don't dereference skb after a netif_rx()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ahmed S. Darwish <ahmed.darwish@xxxxxxxxx>

We should not touch the packet after a netif_rx: it might
get freed behind our back.

Suggested-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Ahmed S. Darwish <ahmed.darwish@xxxxxxxxx>
---
drivers/net/can/usb/kvaser_usb.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)

(Resend, fix the garbled subject line. Sorry)

diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c
index cc7bfc0..c32cd61 100644
--- a/drivers/net/can/usb/kvaser_usb.c
+++ b/drivers/net/can/usb/kvaser_usb.c
@@ -520,10 +520,10 @@ static void kvaser_usb_tx_acknowledge(const struct kvaser_usb *dev,
skb = alloc_can_err_skb(priv->netdev, &cf);
if (skb) {
cf->can_id |= CAN_ERR_RESTARTED;
- netif_rx(skb);

stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
+ netif_rx(skb);
} else {
netdev_err(priv->netdev,
"No memory left for err_skb\n");
@@ -770,10 +770,9 @@ static void kvaser_usb_rx_error(const struct kvaser_usb *dev,

priv->can.state = new_state;

- netif_rx(skb);
-
stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
+ netif_rx(skb);
}

static void kvaser_usb_rx_can_err(const struct kvaser_usb_net_priv *priv,
@@ -805,10 +804,9 @@ static void kvaser_usb_rx_can_err(const struct kvaser_usb_net_priv *priv,
stats->rx_over_errors++;
stats->rx_errors++;

- netif_rx(skb);
-
stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
+ netif_rx(skb);
}
}

@@ -887,10 +885,9 @@ static void kvaser_usb_rx_can_msg(const struct kvaser_usb *dev,
cf->can_dlc);
}

- netif_rx(skb);
-
stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
+ netif_rx(skb);
}

static void kvaser_usb_start_chip_reply(const struct kvaser_usb *dev,
--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Lezcano: "Re: [PATCH] clocksource: sirf: Remove unused variable"
Previous message: Ahmed S. Darwish: "[PATCH v4 4/4] can: kvaser_usb: Retry first bulk transfer on -ETIMEDOUT"
In reply to: Ahmed S. Darwish: "Re: [PATCH v4 2/4] can: kvaser_usb: Update error counters before exiting on OOM"
Next in thread: Marc Kleine-Budde: "Re: [PATCH v4 01/04] can: kvaser_usb: Don't dereference skb after a netif_rx()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]