From: Patrick McHardy Date: Tue, 12 Apr 2011 05:39:51 +0000 (+0000) Subject: connector: fix skb double free in cn_rx_skb() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0e08785845093ef4ed220463a739bc8d0db95de7;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git connector: fix skb double free in cn_rx_skb() When a skb is delivered to a registered callback, cn_call_callback() incorrectly returns -ENODEV after freeing the skb, causing cn_rx_skb() to free the skb a second time. Reported-by: Eric B Munson Signed-off-by: Patrick McHardy Tested-by: Eric B Munson Signed-off-by: David S. Miller --- diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c index d77005849af8..219d88a0eeae 100644 --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -142,6 +142,7 @@ static int cn_call_callback(struct sk_buff *skb) cbq->callback(msg, nsp); kfree_skb(skb); cn_queue_release_callback(cbq); + err = 0; } return err;