pasemi_mac: Fix reuse of free'd skb
authorOlof Johansson <olof@lixom.net>
Tue, 4 Dec 2007 03:34:14 +0000 (21:34 -0600)
committerJeff Garzik <jeff@garzik.org>
Tue, 4 Dec 2007 19:53:49 +0000 (14:53 -0500)
Turns out we're freeing the skb when we detect CRC error, but we're
not clearing out info->skb. We could either clear it and have the stack
reallocate it, or just leave it and the rx ring refill code will reuse
the one that was allocated.

Reusing a freed skb obviously caused some nasty crashes of various kind,
as reported by Brent Baude and David Woodhouse.

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
drivers/net/pasemi_mac.c

index a8db5d7105fb9a9c23fe213694d3b5ab9a7ceb75..816a59e801b2bbd26bc590ee66c57a8e67a004c0 100644 (file)
@@ -586,7 +586,7 @@ static int pasemi_mac_clean_rx(struct pasemi_mac *mac, int limit)
                        /* CRC error flagged */
                        mac->netdev->stats.rx_errors++;
                        mac->netdev->stats.rx_crc_errors++;
-                       dev_kfree_skb_irq(skb);
+                       /* No need to free skb, it'll be reused */
                        goto next;
                }