From: Marc Kleine-Budde Date: Sat, 11 Jul 2015 19:16:08 +0000 (+0200) Subject: can: ems_usb: don't touch skb after netif_rx() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=43c021e8d6844c4b0f5cc9eda10d232e7b87a456;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git can: ems_usb: don't touch skb after netif_rx() There is no guarantee that the skb is in the same state after calling net_receive_skb() or netif_rx(). It might be freed or reused. Not really harmful as its a read access, except you turn on the proper debugging options which catch a use after free. Cc: Gerhard Uttenthaler Signed-off-by: Marc Kleine-Budde --- diff --git a/drivers/net/can/usb/ems_usb.c b/drivers/net/can/usb/ems_usb.c index 866bac0ae7e9..2d390384ef3b 100644 --- a/drivers/net/can/usb/ems_usb.c +++ b/drivers/net/can/usb/ems_usb.c @@ -324,10 +324,9 @@ static void ems_usb_rx_can_msg(struct ems_usb *dev, struct ems_cpc_msg *msg) cf->data[i] = msg->msg.can_msg.msg[i]; } - netif_rx(skb); - stats->rx_packets++; stats->rx_bytes += cf->can_dlc; + netif_rx(skb); } static void ems_usb_rx_err(struct ems_usb *dev, struct ems_cpc_msg *msg) @@ -400,10 +399,9 @@ static void ems_usb_rx_err(struct ems_usb *dev, struct ems_cpc_msg *msg) stats->rx_errors++; } - netif_rx(skb); - stats->rx_packets++; stats->rx_bytes += cf->can_dlc; + netif_rx(skb); } /*