[PATCH 1/2] staging: fsl-dpaa2/eth: Fix skb use after free

From: Bogdan Purcareata
Date: Thu Jul 20 2017 - 06:58:51 EST


Once a Tx frame descriptor is enqueued, an interrupt might be triggered
to process the Tx confirmation and free the skb, hitting a memory use
after free when updating the tx_bytes statistic based on skb->len.

Use the frame descriptor length instead.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata@xxxxxxx>
---
drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c b/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c
index b9a0a31..0f3e497 100644
--- a/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c
+++ b/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c
@@ -616,7 +616,7 @@ static netdev_tx_t dpaa2_eth_tx(struct sk_buff *skb, struct net_device *net_dev)
free_tx_fd(priv, &fd, NULL);
} else {
percpu_stats->tx_packets++;
- percpu_stats->tx_bytes += skb->len;
+ percpu_stats->tx_bytes += dpaa2_fd_get_len(&fd);
}

return NETDEV_TX_OK;
--
2.7.4