From: Annie Li Date: Wed, 27 Jun 2012 00:46:58 +0000 (+0000) Subject: xen/netback: only non-freed SKB is queued into tx_queue X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1e0b6eac6a150a35b45d019681b0021896354ae5;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git xen/netback: only non-freed SKB is queued into tx_queue After SKB is queued into tx_queue, it will be freed if request_gop is NULL. However, no dequeue action is called in this situation, it is likely that tx_queue constains freed SKB. This patch should fix this issue, and it is based on 3.5.0-rc4+. This issue is found through code inspection, no bug is seen with it currently. I run netperf test for several hours, and no network regression was found. Signed-off-by: Annie Li Acked-by: Ian Campbell Signed-off-by: David S. Miller --- diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c index f4a6fcaeffb1..682633bfe00f 100644 --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -1363,8 +1363,6 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) INVALID_PENDING_IDX); } - __skb_queue_tail(&netbk->tx_queue, skb); - netbk->pending_cons++; request_gop = xen_netbk_get_requests(netbk, vif, @@ -1376,6 +1374,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) } gop = request_gop; + __skb_queue_tail(&netbk->tx_queue, skb); + vif->tx.req_cons = idx; xen_netbk_check_rx_xenvif(vif);