[Intel-wired-lan] [next PATCH S61 03/10] i40e/i40evf: Fix use after free in Rx cleanup path
Bimmy Pujari
bimmy.pujari at intel.com
Tue Feb 21 23:55:41 UTC 2017
From: Alexander Duyck <alexander.h.duyck at intel.com>
We need to reset skb back to NULL when we have freed it in the Rx cleanup
path. I found one spot where this wasn't occurring so this patch fixes it.
Signed-off-by: Alexander Duyck <alexander.h.duyck at intel.com>
Change-ID: Iaca68934200732cd4a63eb0bd83b539c95f8c4dd
---
Testing Hints:
The "Fixes" commit ID will need to be updated before this is pushed
upstream. Ideally this patch can be dropped if the patch that
introduced the bug has not yet made it upstream, and this fix can
be taken care of there.
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 1 +
drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c
index f80c76c..558d7da 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c
@@ -2183,6 +2183,7 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget)
*/
if (unlikely(i40e_test_staterr(rx_desc, BIT(I40E_RXD_QW1_ERROR_SHIFT)))) {
dev_kfree_skb_any(skb);
+ skb = NULL;
continue;
}
diff --git a/drivers/net/ethernet/intel/i40evf/i40e_txrx.c b/drivers/net/ethernet/intel/i40evf/i40e_txrx.c
index 39e2e73..9b9314a 100644
--- a/drivers/net/ethernet/intel/i40evf/i40e_txrx.c
+++ b/drivers/net/ethernet/intel/i40evf/i40e_txrx.c
@@ -1299,6 +1299,7 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget)
*/
if (unlikely(i40e_test_staterr(rx_desc, BIT(I40E_RXD_QW1_ERROR_SHIFT)))) {
dev_kfree_skb_any(skb);
+ skb = NULL;
continue;
}
--
2.4.11
More information about the Intel-wired-lan
mailing list