pasemi_mac: Fix reuse of free'd skb

Turns out we're freeing the skb when we detect CRC error, but we're
not clearing out info->skb. We could either clear it and have the stack
reallocate it, or just leave it and the rx ring refill code will reuse
the one that was allocated.

Reusing a freed skb obviously caused some nasty crashes of various kind,
as reported by Brent Baude and David Woodhouse.

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

diff --git a/drivers/net/pasemi_mac.c b/drivers/net/pasemi_mac.c
index a8db5d7105fb9a9c23fe213694d3b5ab9a7ceb75..816a59e801b2bbd26bc590ee66c57a8e67a004c0 100644 (file)
--- a/drivers/net/pasemi_mac.c
+++ b/drivers/net/pasemi_mac.c
@@ -586,7 +586,7 @@ static int pasemi_mac_clean_rx(struct pasemi_mac *mac, int limit)
                        /* CRC error flagged */
                        mac->netdev->stats.rx_errors++;
                        mac->netdev->stats.rx_crc_errors++;
-                       dev_kfree_skb_irq(skb);
+                       /* No need to free skb, it'll be reused */
                        goto next;
                }